CVE-2021-27900
First published: Tue Apr 06 2021(Updated: )
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Proofpoint Insider Threat Management | >=7.9.0<7.9.3 | |
| Proofpoint Insider Threat Management | >=7.10.0<7.10.3 | |
| Proofpoint Insider Threat Management | >=7.11.0<7.11.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-27900.
What software is affected by this vulnerability?
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is affected.
What versions of the software are affected?
All versions before 7.11.1 are affected.
What is the severity of this vulnerability?
The severity of this vulnerability is high with a CVSS score of 8.1.
How can I fix this vulnerability?
Upgrade to version 7.11.1 or later of the Proofpoint Insider Threat Management Server to fix this vulnerability.
- collector/nvd-index
- vendor/proofpoint
- canonical/proofpoint insider threat management
- version/proofpoint insider threat management/7.9.0
- version/proofpoint insider threat management/7.10.0
- version/proofpoint insider threat management/7.11.0