CVE-2023-4801— ITM MacOS Agent Improper Certificate Validation

ITM MacOS Agent Improper Certificate Validation

An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected.

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

证书验证不恰当

Proofpoint Insider Threat Management 信任管理问题漏洞

Proofpoint Insider Threat Management（Proofpoint ITM）是美国Proofpoint公司的一个内部威胁管理系统。 Proofpoint Insider Threat Management 7.14.3.69之前版本存在信任管理问题漏洞，该漏洞源于不正确认证验证漏洞，可能会被相邻网络上的匿名行为者利用，在代理注册后在代理和服务器之间建立中间人位置。

N/A

N/A