Vulnerabilities > Cyberark

DATE CVE VULNERABILITY TITLE RISK
2022-03-03 CVE-2022-22700 Use of Insufficiently Random Values vulnerability in Cyberark Identity
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'.
network
low complexity
cyberark CWE-330
5.0
2022-01-15 CVE-2021-44049 Improper Privilege Management vulnerability in Cyberark Endpoint Privilege Manager
CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.
6.9
2021-09-02 CVE-2021-31796 Inadequate Encryption Strength vulnerability in Cyberark Credential Provider
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure.
network
low complexity
cyberark CWE-326
5.0
2021-09-02 CVE-2021-31798 Inadequate Encryption Strength vulnerability in Cyberark Credential Provider
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files.
1.9
2021-09-02 CVE-2021-31797 Inadequate Encryption Strength vulnerability in Cyberark Credential Provider
The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure.
1.9
2021-09-01 CVE-2021-37151 Improper Authentication vulnerability in Cyberark Identity
CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid.
network
low complexity
cyberark CWE-287
5.0
2020-11-27 CVE-2020-25738 Uncontrolled Search Path Element vulnerability in Cyberark Endpoint Privilege Manager 11.1.0.173
CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.
1.9
2020-10-28 CVE-2020-25374 Insufficient Session Expiration vulnerability in Cyberark Privileged Session Manager 10.9.0.15
CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.
network
high complexity
cyberark CWE-613
2.1
2020-06-22 CVE-2020-4062 Improper Access Control vulnerability in Cyberark Conjur OSS Helm Chart
In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port.
low complexity
cyberark CWE-284
7.7
2019-08-05 CVE-2019-3800 Information Exposure vulnerability in multiple products
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag.
2.1