CVE-2021-40842

Published: Oct 13, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.proofpoint.com/us/security/security-advisories

x_refsource_MISC

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0008

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-40842

Description

Affected Products

References