ITM Server Missing Authorization for Agent Config
Description
A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Insider Threat Management Server missing authorization in MacOS agent endpoint allows sensitive info disclosure to anonymous attackers on adjacent networks with a valid token. Fixed in 7.14.3.
Vulnerability
A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. The attacker must first obtain a valid agent authentication token. All versions before 7.14.3 are affected.
Exploitation
An attacker with network access to an adjacent network and possession of a valid agent authentication token can send unauthorized requests to the MacOS agent configuration endpoint to retrieve sensitive information.
Impact
Successful exploitation allows the attacker to obtain sensitive information, leading to information disclosure.
Mitigation
Proofpoint has released fixed software version 7.14.3, which is available through the customer support portal [1]. No workarounds are documented.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: <7.14.3
- (no CPE) range: 0
Patches
No patches discovered yet.