CVE-2023-36002

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jun 27, 2023

Updated: Jul 6, 2023

CWE ID 862

Summary

CVE-2023-36002 is a vulnerability affecting the Insider Threat Management Server. The issue stems from a missing authorization check in several URL validation endpoints, which allows an unauthenticated attacker on a nearby network to manipulate DNS lookups through smuggling content. Servers running versions prior to 7.14.3 are at risk of exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Proofpoint, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ry1tLQ
https://www.cve.org/CVERecord?id=CVE-2023-36002
https://nvd.nist.gov/vuln/detail/CVE-2023-36002

Back to Vulnerability Database

CVE-2023-36002

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations