Vulnerabilities > CVE-2020-25374 - Insufficient Session Expiration vulnerability in Cyberark Privileged Session Manager 10.9.0.15

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

high complexity

cyberark

CWE-613

NVD

Published: 2020-10-28

Updated: 2023-11-07

Summary

CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.

Vulnerable Configurations

Part	Description	Count
Application	Cyberark Cyberark Privileged Session Manager 10.9.0.15	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PAS%20SysReq/System%20Requirements%20-%20PSM.htm
https://medium.com/%40virajmota38/full-path-disclosure-8a9358e5a867