Is CVE-2021-40842 actively exploited?

CVE-2021-40842 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2021-40842?

CVE-2021-40842 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2021-40842?

Patch guidance is available from proofpoint security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2021-40842.

Fix CVE-2021-40842 - CRITICAL

Q: Which products are affected by CVE-2021-40842?

2 products: proofpoint insider threat management server, proofpoint insider threat management server.

Description

Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the server could be used to blindly execute arbitrary SQL statements on the backend database. Version 7.12.0 and all versions prior to 7.11.2 are affected.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-89 · SQL Injection

Metadata

Primary Vendor: PROOFPOINT
Published: 10/13/2021
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

proofpoint : insider_threat_management_serverproofpoint : insider_threat_management_server

Remediation Guidance

Executive Summary

Cite this page

CVE-2021-40842. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2021-40842

View on NIST NVD

CVE-2021-40842 vulnerability