CVE-2023-35998

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Published Jun 27, 2023

Updated: Jul 6, 2023

CWE ID 862

Summary

CVE-2023-35998 is a vulnerability affecting the Insider Threat Management Server. This issue stems from a missing authorization check in several SOAP endpoints, making it possible for an attacker on a neighboring network to unauthorizedly read and write objects. To exploit this weakness, the attacker must initially obtain a legitimate agent authentication token. Versions of the Insider Threat Management Server prior to 7.14.3 are susceptible to this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Proofpoint, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ry1j7_
https://www.cve.org/CVERecord?id=CVE-2023-35998
https://nvd.nist.gov/vuln/detail/CVE-2023-35998

Back to Vulnerability Database

CVE-2023-35998

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations