PT-2023-25408 · Unknown · Insider Threat Management Server

Published: 2023-06-27 · Updated: 2023-07-06 · CVE-2023-35998

CVSS v3.1: 4.6 (Medium)

Vector: AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Insider Threat Management Server versions prior to 7.14.3

Description

A missing authorization check in multiple SOAP endpoints enables an attacker on an adjacent network to read and write unauthorized objects. To exploit this, an attacker must first obtain a valid agent authentication token.

Recommendations

For versions prior to 7.14.3, update to version 7.14.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the SOAP endpoints until a patch is applied.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2023-35998

Affected Products

Insider Threat Management Server