CVE-2019-7442 - XXE vulnerability in CyberArk Enterprise Password Vault 10.6/10.7
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Common Weakness Enumeration (CWE)
Exploit-Db
id | EDB-ID:46828 |
last seen | 2019-05-10 |
modified | 2019-05-10 |
published | 2019-05-10 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/46828 |
title | CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection |
Packetstorm
data source | https://packetstormsecurity.com/files/download/152801/cyberarkepv107-xml.txt |
id | PACKETSTORM:152801 |
last seen | 2019-05-11 |
published | 2019-05-10 |
reporter | Marcelo Toran |
source | https://packetstormsecurity.com/files/152801/CyberArk-Enterprise-Password-Vault-10.7-XML-External-Entity-Injection.html |
title | CyberArk Enterprise Password Vault 10.7 XML External Entity Injection |
References
- http://packetstormsecurity.com/files/152801/CyberArk-Enterprise-Password-Vault-10.7-XML-External-Entity-Injection.html
- https://www.octority.com/2019/05/07/cyberark-enterprise-password-vault-xml-external-entity-xxe-injection/