Vulnerabilities > Cyberark > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-25 | CVE-2024-42340 | Unspecified vulnerability in Cyberark Identity CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | 4.3 |
| 2024-08-25 | CVE-2024-42337 | Information Exposure vulnerability in Cyberark Identity CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 6.5 |
| 2024-08-25 | CVE-2024-42338 | Information Exposure vulnerability in Cyberark Identity CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 4.3 |
| 2024-08-25 | CVE-2024-42339 | Unspecified vulnerability in Cyberark Identity CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 4.3 |
| 2022-03-03 | CVE-2022-22700 | Use of Insufficiently Random Values vulnerability in Cyberark Identity CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. | 5.0 |
| 2022-01-15 | CVE-2021-44049 | Exposure of Resource to Wrong Sphere vulnerability in Cyberark Endpoint Privilege Manager CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory. | 6.9 |
| 2021-09-02 | CVE-2021-31796 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cyberark Credential Provider An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. | 5.0 |
| 2021-09-02 | CVE-2021-31797 | Insufficient Entropy vulnerability in Cyberark Credential Provider The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure. | 5.1 |
| 2021-09-01 | CVE-2021-37151 | Information Exposure Through Discrepancy vulnerability in Cyberark Identity CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. | 5.3 |
| 2019-04-09 | CVE-2018-14894 | Improper Privilege Management vulnerability in Cyberark Endpoint Privilege Manager CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications. | 4.6 |