Unrated severityNVD Advisory· Published Jun 27, 2023· Updated Nov 6, 2024

ITM Server Missing Authorization in SOAP Endpoints

CVE-2023-35998

Description

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server allows adjacent network attackers with a valid agent token to read and write unauthorized objects.

Vulnerability

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server allows an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected [1].

Exploitation

An attacker must be on an adjacent network and have obtained a valid agent authentication token. No additional privileges or user interaction are required beyond the token. The attacker then sends crafted SOAP requests to the vulnerable endpoints to read or write unauthorized objects [1].

Impact

Successful exploitation enables an unauthenticated attacker to read and write unauthorized objects on the server, leading to potential disclosure of sensitive information or modification of server data. The attacker does not gain full administrative control but can access and alter objects they should not have permission to [1].

Mitigation

Proofpoint has released fixed software version 7.14.3, available through the customer support portal [1]. Users should upgrade to this version or later. No workarounds are mentioned in the reference. Agents for MacOS, Linux, and Cloud are unaffected [1].

References

ITM Windows Agent Insecure Filesystem Permissions | Proofpoint US

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Proofpoint/Insider Threat Management Agentllm-fuzzy2 versions
<7.14.3+ 1 more
- (no CPE)range: <7.14.3
- (no CPE)range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-005mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000