CVE-2021-40842

Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected.
CVSS

No CVSS.

Configurations

No configuration.

Information

Published : 2021-10-13 11:15

Updated : 2021-10-13 12:57


NVD link : CVE-2021-40842

Mitre link : CVE-2021-40842


JSON object : View

CWE

No CWE.

Products Affected

No product.