CVE-2021-40842: SQL Injection
First published: Wed Oct 13 2021(Updated: )
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Proofpoint Insider Threat Management Server | <7.11.2 | |
| Proofpoint Insider Threat Management Server | =7.12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2021-40842.
What is the title of this vulnerability?
The title of this vulnerability is 'Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console'.
What is the severity of CVE-2021-40842?
The severity of CVE-2021-40842 is critical with a severity score of 9.8.
Which software is affected by CVE-2021-40842?
Proofpoint Insider Threat Management Server versions 7.11.2 and 7.12.0 are affected by CVE-2021-40842.
How can I fix CVE-2021-40842?
To fix CVE-2021-40842, it is recommended to apply the latest security patches or updates provided by Proofpoint.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/proofpoint
- canonical/proofpoint insider threat management server
- version/proofpoint insider threat management server/7.12.0