CVE-2024-57967

PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping.

CVSS v3 4.2 MEDIUM

4.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-4.htm#Securitybugfixes
https://www.cyberark.com/ca24-15/

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) PVWA (Password Vault Web Access) en CyberArk Privileged Access Manager Self-Hosted anterior a la versión 14.4 tiene privilegios potencialmente elevados en la asignación de LDAP.

03 Feb 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-03 18:15

Updated : 2026-06-17 08:14

NVD link : CVE-2024-57967

Mitre link : CVE-2024-57967

CVE.ORG link : CVE-2024-57967

JSON object : View

Products Affected

No product.

CWE

CWE-266

Incorrect Privilege Assignment

4.2 /10