Vulnerabilities > Cyberark > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-25 CVE-2024-42340 Unspecified vulnerability in Cyberark Identity
CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security
network
low complexity
cyberark
4.3
2024-08-25 CVE-2024-42337 Information Exposure vulnerability in Cyberark Identity
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
network
low complexity
cyberark CWE-200
6.5
2024-08-25 CVE-2024-42338 Information Exposure vulnerability in Cyberark Identity
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
network
low complexity
cyberark CWE-200
4.3
2024-08-25 CVE-2024-42339 Unspecified vulnerability in Cyberark Identity
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
network
low complexity
cyberark
4.3
2022-03-03 CVE-2022-22700 Use of Insufficiently Random Values vulnerability in Cyberark Identity
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'.
network
low complexity
cyberark CWE-330
5.3
2021-09-02 CVE-2021-31798 Insufficient Entropy vulnerability in Cyberark Credential Provider
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files.
local
low complexity
cyberark CWE-331
4.4
2021-09-02 CVE-2021-31797 Insufficient Entropy vulnerability in Cyberark Credential Provider
The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure.
local
high complexity
cyberark CWE-331
5.1
2021-09-01 CVE-2021-37151 Information Exposure Through Discrepancy vulnerability in Cyberark Identity
CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid.
network
low complexity
cyberark CWE-203
5.3
2020-11-27 CVE-2020-25738 Uncontrolled Search Path Element vulnerability in Cyberark Endpoint Privilege Manager 11.1.0.173
CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.
local
low complexity
cyberark CWE-427
5.5
2018-06-26 CVE-2018-12903 Cross-site Scripting vulnerability in Cyberark Endpoint Privilege Manager 10.2.1.603
In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard.
network
low complexity
cyberark CWE-79
5.4