Vulnerabilities > Cyberark > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-03 | CVE-2024-54840 | Unspecified vulnerability in Cyberark Privileged Access Manager PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection. | 6.1 |
| 2024-08-25 | CVE-2024-42340 | Unspecified vulnerability in Cyberark Identity CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | 4.3 |
| 2024-08-25 | CVE-2024-42337 | Information Exposure vulnerability in Cyberark Identity CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 6.5 |
| 2024-08-25 | CVE-2024-42338 | Information Exposure vulnerability in Cyberark Identity CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 4.3 |
| 2024-08-25 | CVE-2024-42339 | Unspecified vulnerability in Cyberark Identity CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 4.3 |
| 2022-03-03 | CVE-2022-22700 | Use of Insufficiently Random Values vulnerability in Cyberark Identity CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. | 5.3 |
| 2021-09-02 | CVE-2021-31798 | Insufficient Entropy vulnerability in Cyberark Credential Provider The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files. | 4.4 |
| 2021-09-02 | CVE-2021-31797 | Insufficient Entropy vulnerability in Cyberark Credential Provider The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure. | 5.1 |
| 2021-09-01 | CVE-2021-37151 | Information Exposure Through Discrepancy vulnerability in Cyberark Identity CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. | 5.3 |
| 2020-11-27 | CVE-2020-25738 | Uncontrolled Search Path Element vulnerability in Cyberark Endpoint Privilege Manager 11.1.0.173 CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database. | 5.5 |