CVE-2019-7442 - XXE vulnerability in CyberArk Enterprise Password Vault
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
id | EDB-ID:46828 |
last seen | 2019-05-10 |
modified | 2019-05-10 |
published | 2019-05-10 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/46828 |
title | CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection |
Packetstorm
data source | https://packetstormsecurity.com/files/download/152801/cyberarkepv107-xml.txt |
id | PACKETSTORM:152801 |
last seen | 2019-05-11 |
published | 2019-05-10 |
reporter | Marcelo Toran |
source | https://packetstormsecurity.com/files/152801/CyberArk-Enterprise-Password-Vault-10.7-XML-External-Entity-Injection.html |
title | CyberArk Enterprise Password Vault 10.7 XML External Entity Injection |