Is CVE-2021-40843 actively exploited?

CVE-2021-40843 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2021-40843?

CVE-2021-40843 has a CVSS score of 7.3 (HIGH severity). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.

How do I patch CVE-2021-40843?

Patch guidance is available from proofpoint security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2021-40843.

Which products are affected by CVE-2021-40843?

1 product: proofpoint insider threat management server.

Fix CVE-2021-40843 - HIGH | CVEDatabase.com

Description

Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with SYSTEM privileges on the underlying server when a Web Console user triggers retrieval of that data. When chained with a SQL injection vulnerability, the vulnerability could be exploited remotely if Web Console users click a series of maliciously crafted URLs. All versions prior to 7.11.2 are affected.

CVSS Metrics

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector: local
Complexity: low
Privileges: low
User Action: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-502 · Insecure Deserialization

Metadata

Primary Vendor: PROOFPOINT
Published: 10/13/2021
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

proofpoint : insider_threat_management_server

Remediation Guidance

Executive Summary

Cite this page

CVE-2021-40843. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2021-40843

View on NIST NVD

CVE-2021-40843 vulnerability