Vulnerabilities > Cyberark

DATE CVE VULNERABILITY TITLE RISK
2024-08-25 CVE-2024-42340 Unspecified vulnerability in Cyberark Identity
CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security
network
low complexity
cyberark
4.3
2024-08-25 CVE-2024-42337 Information Exposure vulnerability in Cyberark Identity
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
network
low complexity
cyberark CWE-200
6.5
2024-08-25 CVE-2024-42338 Information Exposure vulnerability in Cyberark Identity
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
network
low complexity
cyberark CWE-200
4.3
2024-08-25 CVE-2024-42339 Unspecified vulnerability in Cyberark Identity
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
network
low complexity
cyberark
4.3
2023-05-03 CVE-2017-11197 Unspecified vulnerability in Cyberark Viewfinity 5.5.10.95
In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option.
local
low complexity
cyberark
7.8
2022-03-03 CVE-2022-22700 Use of Insufficiently Random Values vulnerability in Cyberark Identity
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'.
network
low complexity
cyberark CWE-330
5.3
2022-01-15 CVE-2021-44049 Exposure of Resource to Wrong Sphere vulnerability in Cyberark Endpoint Privilege Manager
CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.
local
low complexity
cyberark CWE-668
7.8
2021-09-02 CVE-2021-31796 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cyberark Credential Provider
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure.
network
low complexity
cyberark CWE-327
7.5
2021-09-02 CVE-2021-31798 Insufficient Entropy vulnerability in Cyberark Credential Provider
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files.
local
low complexity
cyberark CWE-331
4.4
2021-09-02 CVE-2021-31797 Insufficient Entropy vulnerability in Cyberark Credential Provider
The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure.
local
high complexity
cyberark CWE-331
5.1