Vulnerability Details CVE-2021-27900
The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) is missing an authorization check on several pages in the Web Console. This enables a view-only user to change any configuration setting and delete any registered agents. All versions before 7.11.1 are affected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.8%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 5.5
Products affected by CVE-2021-27900
- cpe:2.3:a:proofpoint:insider_threat_management:7.10.0
- cpe:2.3:a:proofpoint:insider_threat_management:7.10.2
- cpe:2.3:a:proofpoint:insider_threat_management:7.11.0.0
- cpe:2.3:a:proofpoint:insider_threat_management:7.11.0.25
- cpe:2.3:a:proofpoint:insider_threat_management:7.9.0