CVE-2020-10656

CRITICAL

Proofpoint Insider Threat Management Server <7.9.1 - Code Injection

Title source: llm

Description

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteWindowMouseWithChunksV2 API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.

References (2)

[Product] https://www.proofpoint.com/us/blog

[Vendor Advisory] https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2020-0003

Scores

CVSS v3 9.8

EPSS 0.0660

EPSS Percentile 91.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

proofpoint/insider_threat_management_server < 7.9.1

Timeline

Published Jan 06, 2021

Tracked Since Feb 18, 2026