cvedb.io
CVE-2021-40843
HIGH · CVSS 7.3
EPSS exploitation probability: 0%
Published 2021-10-13T18:15:08.053 · Last modified 2026-06-17T04:07:31.420

Summary

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected.

Affected products

proofpoint — insider_threat_management_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when proofpoint ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.