Vulnerabilities > Cyberark > Identity > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-25 | CVE-2024-42340 | Unspecified vulnerability in Cyberark Identity CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | 4.3 |
| 2024-08-25 | CVE-2024-42337 | Information Exposure vulnerability in Cyberark Identity CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 6.5 |
| 2024-08-25 | CVE-2024-42338 | Information Exposure vulnerability in Cyberark Identity CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 4.3 |
| 2024-08-25 | CVE-2024-42339 | Unspecified vulnerability in Cyberark Identity CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 4.3 |
| 2022-03-03 | CVE-2022-22700 | Use of Insufficiently Random Values vulnerability in Cyberark Identity CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. | 5.0 |
| 2021-09-01 | CVE-2021-37151 | Information Exposure Through Discrepancy vulnerability in Cyberark Identity CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. | 5.3 |