Vulnerabilities > Cyberark
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-05 | CVE-2019-3800 | Information Exposure vulnerability in multiple products CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. | 2.1 |
| 2019-05-08 | CVE-2019-7442 | XXE vulnerability in Cyberark Enterprise Password Vault An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system. | 7.5 |
| 2019-04-09 | CVE-2018-14894 | Improper Privilege Management vulnerability in Cyberark Endpoint Privilege Manager CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications. | 4.6 |
| 2019-03-08 | CVE-2019-9627 | Out-of-bounds Write vulnerability in Cyberark Endpoint Privilege Manager 10.2.1.603 A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path. | 6.9 |
| 2018-07-05 | CVE-2018-13052 | Unspecified vulnerability in Cyberark Endpoint Privilege Manager In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin. | 7.5 |
| 2018-06-26 | CVE-2018-12903 | Cross-site Scripting vulnerability in Cyberark Endpoint Privilege Manager 10.2.1.603 In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard. | 3.5 |
| 2018-04-12 | CVE-2018-9843 | Deserialization of Untrusted Data vulnerability in Cyberark Password Vault 10.0 The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. | 7.5 |
| 2018-04-12 | CVE-2018-9842 | Information Exposure vulnerability in Cyberark Password Vault CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message. | 5.0 |