Vulnerabilities > Cyberark > Endpoint Privilege Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-11-27 CVE-2020-25738 Uncontrolled Search Path Element vulnerability in Cyberark Endpoint Privilege Manager 11.1.0.173
CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.
local
low complexity
cyberark CWE-427
5.5
2018-06-26 CVE-2018-12903 Cross-site Scripting vulnerability in Cyberark Endpoint Privilege Manager 10.2.1.603
In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard.
network
low complexity
cyberark CWE-79
5.4