Unrated severityNVD Advisory· Published Jan 26, 2021· Updated Aug 3, 2024
CVE-2021-22159
CVE-2021-22159
Description
Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Proofpoint/Insider Threat Management Agent for Windowsdescription
- Range: before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25; versions 7.3 and earlier
Patches
Vulnerability mechanics
References
2- www.proofpoint.com/us/security/security-advisoriesmitrex_refsource_MISC
- www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0001mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.