CVE-2023-36002

A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected.

Published: Jun 27, 2023
Updated: Jul 7, 2023
CVE: CVE-2023-36002
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
proofpoint / insider_threat_management_server	-	7.14.3

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0004
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005

Vulnerability Database

289,871

CVE-2023-36002