CVE-2023-36000

Name of the Vulnerable Software and Affected Versions Insider Threat Management Server versions prior to 7.14.3

Description A missing authorization check in the MacOS agent configuration endpoint enables an anonymous attacker on an adjacent network to obtain sensitive information. The attacker must first obtain a valid agent authentication token to successfully exploit this issue.

Recommendations For versions prior to 7.14.3, update to version 7.14.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the MacOS agent configuration endpoint until a patch is applied.