Vulnerabilities > Cyberark
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-08-25 | CVE-2024-42340 | Unspecified vulnerability in Cyberark Identity | CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | 4.3 |
2024-08-25 | CVE-2024-42337 | Information Exposure vulnerability in Cyberark Identity | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 6.5 |
2024-08-25 | CVE-2024-42338 | Information Exposure vulnerability in Cyberark Identity | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 4.3 |
2024-08-25 | CVE-2024-42339 | Unspecified vulnerability in Cyberark Identity | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 4.3 |
2023-05-03 | CVE-2017-11197 | Unspecified vulnerability in Cyberark Viewfinity 5.5.10.95 | In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option. | 7.8 |
2022-03-03 | CVE-2022-22700 | Use of Insufficiently Random Values vulnerability in Cyberark Identity | CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. | 5.0 |
2022-01-15 | CVE-2021-44049 | Exposure of Resource to Wrong Sphere vulnerability in Cyberark Endpoint Privilege Manager | CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory. | 6.9 |
2021-09-02 | CVE-2021-31796 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cyberark Credential Provider | An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. | 5.0 |
2021-09-02 | CVE-2021-31798 | Insufficient Entropy vulnerability in Cyberark Credential Provider | The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files. | 1.9 |
2021-09-02 | CVE-2021-31797 | Insufficient Entropy vulnerability in Cyberark Credential Provider | The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure. | 5.1 |