CVE-2020-8884

HIGH

Proofpoint Insider Threat Mgmt <7.9 - Code Injection

Title source: llm

Description

rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows Agent) before 7.9 allows remote authenticated users to execute arbitrary code as SYSTEM because of improper deserialization over named pipes.

References (2)

[Vendor Advisory] https://www.proofpoint.com/us/blog

[Vendor Advisory] https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2020-0002

Scores

CVSS v3 8.8

EPSS 0.1108

EPSS Percentile 93.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (1)

proofpoint/insider_threat_management < 7.4.2

Timeline

Published Jan 06, 2021

Tracked Since Feb 18, 2026