Unrated severityNVD Advisory· Published Oct 13, 2021· Updated Aug 4, 2024
CVE-2021-40842
CVE-2021-40842
Description
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Proofpoint/Insider Threat Management Serverdescription
- Range: 7.12.0 and <7.11.2
Patches
Vulnerability mechanics
References
2- www.proofpoint.com/us/security/security-advisoriesmitrex_refsource_MISC
- www.proofpoint.com/us/security/security-advisories/pfpt-sa-2021-0008mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.