Vulnerabilities > Cyberark > Low

DATE CVE VULNERABILITY TITLE RISK
2021-09-02 CVE-2021-31798 Insufficient Entropy vulnerability in Cyberark Credential Provider
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files.
1.9
2020-11-27 CVE-2020-25738 Uncontrolled Search Path Element vulnerability in Cyberark Endpoint Privilege Manager 11.1.0.173
CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.
1.9
2020-10-28 CVE-2020-25374 Insufficient Session Expiration vulnerability in Cyberark Privileged Session Manager 10.9.0.15
CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.
network
high complexity
cyberark CWE-613
2.6
2019-08-05 CVE-2019-3800 Information Exposure vulnerability in multiple products
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag.
2.1
2018-06-26 CVE-2018-12903 Cross-site Scripting vulnerability in Cyberark Endpoint Privilege Manager 10.2.1.603
In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard.
network
cyberark CWE-79
3.5