Vulnerabilities > CVE-2020-25374 - Insufficient Session Expiration vulnerability in Cyberark Privileged Session Manager 10.9.0.15
Attack vector
NETWORK Attack complexity
HIGH Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PAS%20SysReq/System%20Requirements%20-%20PSM.htm
- https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PAS%20SysReq/System%20Requirements%20-%20PSM.htm
- https://medium.com/%40virajmota38/full-path-disclosure-8a9358e5a867
- https://medium.com/%40virajmota38/full-path-disclosure-8a9358e5a867