CVE-2023-4801

HIGH

ITM Agent for MacOS <7.14.3.69 - Info Disclosure

Title source: llm

Description

An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected.

References (2)

Core 2

Core References

Broken Link

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-006

Vendor Advisory

https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0006

Scores

CVSS v3 7.5

EPSS 0.0022

EPSS Percentile 12.7%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-295

Status published

Products (1)

proofpoint/insider_threat_management < 7.14.3.69

Published Sep 13, 2023

Tracked Since Feb 18, 2026