CVE-2021-40843 - OpenCVE

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Proofpoint	Insider Threat Management Server

Configuration 1 [-]

cpe:2.3:a:proofpoint:insider_threat_management_server:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.proofpoint.com/us/security/security-advisories
https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0009

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-10-13T17:10:53

Updated: 2024-08-04T02:51:07.518Z

Reserved: 2021-09-10T00:00:00

Link: CVE-2021-40843

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-13T18:15:08.053

Modified: 2021-10-19T20:37:44.640

Link: CVE-2021-40843

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-13T17:10:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.proofpoint.com/us/security/security-advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0009"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-40843", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.proofpoint.com/us/security/security-advisories", "refsource": "MISC", "url": "https://www.proofpoint.com/us/security/security-advisories"}, {"name": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0009", "refsource": "MISC", "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0009"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:51:07.518Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.proofpoint.com/us/security/security-advisories"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0009"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-40843", "datePublished": "2021-10-13T17:10:53", "dateReserved": "2021-09-10T00:00:00", "dateUpdated": "2024-08-04T02:51:07.518Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:proofpoint:insider_threat_management_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "C084FE53-559E-4813-80AD-EB212C05CACE", "versionEndExcluding": "7.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected."}, {"lang": "es", "value": "Proofpoint Insider Threat Management Server contiene una vulnerabilidad de deserializaci\u00f3n no segura en la consola web. Un atacante con acceso de escritura a la base de datos local podr\u00eda causar la ejecuci\u00f3n de c\u00f3digo arbitrario con privilegios SYSTEM en el servidor subyacente cuando un usuario de la Consola Web desencadena la recuperaci\u00f3n de esos datos. Cuando se encadena con una vulnerabilidad de inyecci\u00f3n SQL, la vulnerabilidad podr\u00eda ser explotada remotamente si usuarios de la Consola Web hacen clic en una serie de URLs maliciosamente dise\u00f1adas. Todas las versiones anteriores a 7.11.2 est\u00e1n afectadas"}], "id": "CVE-2021-40843", "lastModified": "2021-10-19T20:37:44.640", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-13T18:15:08.053", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.proofpoint.com/us/security/security-advisories"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0009"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}]}