Vulnerabilities > Cyberark > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-25 CVE-2024-42340 Unspecified vulnerability in Cyberark Identity
CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security
network
low complexity
cyberark
4.3
2024-08-25 CVE-2024-42337 Information Exposure vulnerability in Cyberark Identity
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
network
low complexity
cyberark CWE-200
6.5
2024-08-25 CVE-2024-42338 Information Exposure vulnerability in Cyberark Identity
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
network
low complexity
cyberark CWE-200
4.3
2024-08-25 CVE-2024-42339 Unspecified vulnerability in Cyberark Identity
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
network
low complexity
cyberark
4.3
2022-03-03 CVE-2022-22700 Use of Insufficiently Random Values vulnerability in Cyberark Identity
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'.
network
low complexity
cyberark CWE-330
5.0
2022-01-15 CVE-2021-44049 Exposure of Resource to Wrong Sphere vulnerability in Cyberark Endpoint Privilege Manager
CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.
6.9
2021-09-02 CVE-2021-31796 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Cyberark Credential Provider
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure.
network
low complexity
cyberark CWE-327
5.0
2021-09-02 CVE-2021-31797 Insufficient Entropy vulnerability in Cyberark Credential Provider
The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure.
local
high complexity
cyberark CWE-331
5.1
2021-09-01 CVE-2021-37151 Information Exposure Through Discrepancy vulnerability in Cyberark Identity
CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid.
network
low complexity
cyberark CWE-203
5.3
2019-04-09 CVE-2018-14894 Improper Privilege Management vulnerability in Cyberark Endpoint Privilege Manager
CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications.
local
low complexity
cyberark CWE-269
4.6