What is CVE-2023-4828?

CVE-2023-4828 is a vulnerability in the Insider Threat Management (ITM) Server that allows an attacker to change the configuration of any registered agent to send agent communications to an attacker-chosen URL.

How can an attacker exploit CVE-2023-4828?

To exploit CVE-2023-4828, an attacker must first successfully obtain access to the Insider Threat Management (ITM) Server, then use it to change the agent configuration to redirect communications to an attacker-controlled URL.

What is the severity level of CVE-2023-4828?

The severity level of CVE-2023-4828 is high, with a severity score of 4.2.

What software is affected by CVE-2023-4828?

Proofpoint Insider Threat Management versions up to 7.14.3.69 are affected by CVE-2023-4828.

How can I mitigate CVE-2023-4828?

To mitigate CVE-2023-4828, it is recommended to update Proofpoint Insider Threat Management to a version that includes the necessary security patches.

Vulnerability/
CVE-2023-4828

medium

6.4

CWE

754

13/9/2023

24/9/2024

CVE-2023-4828: ITM Server Communications Hijack

First published: Wed Sep 13 2023(Updated: )

An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected.

Credit: security@proofpoint.com security@proofpoint.com

Affected Software	Affected Version	How to fix
Proofpoint Insider Threat Management	<7.14.3.69

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-4828?
CVE-2023-4828 is a vulnerability in the Insider Threat Management (ITM) Server that allows an attacker to change the configuration of any registered agent to send agent communications to an attacker-chosen URL.
How can an attacker exploit CVE-2023-4828?
To exploit CVE-2023-4828, an attacker must first successfully obtain access to the Insider Threat Management (ITM) Server, then use it to change the agent configuration to redirect communications to an attacker-controlled URL.
What is the severity level of CVE-2023-4828?
The severity level of CVE-2023-4828 is high, with a severity score of 4.2.
What software is affected by CVE-2023-4828?
Proofpoint Insider Threat Management versions up to 7.14.3.69 are affected by CVE-2023-4828.
How can I mitigate CVE-2023-4828?
To mitigate CVE-2023-4828, it is recommended to update Proofpoint Insider Threat Management to a version that includes the necessary security patches.

collector/nvd-api
collector/nvd-index
agent/references
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/title
agent/severity
agent/tags
agent/first-publish-date
agent/event
agent/description
vendor/proofpoint
canonical/proofpoint insider threat management

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.