Vulnerabilities > Cyberark
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-01 | CVE-2021-37151 | Information Exposure Through Discrepancy vulnerability in Cyberark Identity CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. | 5.3 |
| 2020-11-27 | CVE-2020-25738 | Uncontrolled Search Path Element vulnerability in Cyberark Endpoint Privilege Manager 11.1.0.173 CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database. | 5.5 |
| 2020-10-28 | CVE-2020-25374 | Insufficient Session Expiration vulnerability in Cyberark Privileged Session Manager 10.9.0.15 CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time. | 2.6 |
| 2020-06-22 | CVE-2020-4062 | Unspecified vulnerability in Cyberark Conjur OSS Helm Chart In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. | 9.0 |
| 2019-08-05 | CVE-2019-3800 | Information Exposure vulnerability in multiple products CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. | 7.8 |
| 2019-05-08 | CVE-2019-7442 | XXE vulnerability in Cyberark Enterprise Password Vault 10.6/10.7 An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system. | 9.8 |
| 2019-04-09 | CVE-2018-14894 | Improper Privilege Management vulnerability in Cyberark Endpoint Privilege Manager 10.2.1.603 CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications. | 7.8 |
| 2019-03-08 | CVE-2019-9627 | Out-of-bounds Write vulnerability in Cyberark Endpoint Privilege Manager 10.2.1.603 A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path. | 7.0 |
| 2018-07-05 | CVE-2018-13052 | Unspecified vulnerability in Cyberark Endpoint Privilege Manager In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin. | 9.8 |
| 2018-06-26 | CVE-2018-12903 | Cross-site Scripting vulnerability in Cyberark Endpoint Privilege Manager 10.2.1.603 In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard. | 5.4 |