CVE-2023-36002

CVSS v3.1

4.3

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Insider Threat Management Server versions prior to 7.14.3

Description A missing authorization check in multiple URL validation endpoints enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups.

Recommendations For versions prior to 7.14.3, update to version 7.14.3 or later to resolve the issue.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2023-36002

Affected Products

Insider Threat Management Server

CVE-2023-36002

Weakness Enumeration

Related Identifiers

Affected Products

References · 4