Filtered by vendor Cyberark
Total: 30 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3800 | 27 Anynines, Apigee, Appdynamics and 24 more | 55 Elasticsearch, Logme, Mongodb and 52 more | 2024-11-21 | 2.1 LOW | 6.3 MEDIUM |
| CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. | |||||
| CVE-2018-9843 | 1 Cyberark | 1 Password Vault | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. | |||||
| CVE-2018-9842 | 1 Cyberark | 1 Password Vault | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message. | |||||
| CVE-2018-14894 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications. | |||||
| CVE-2018-13052 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin. | |||||
| CVE-2018-12903 | 1 Cyberark | 1 Endpoint Privilege Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard. | |||||
| CVE-2024-42337 | 1 Cyberark | 1 Identity | 2024-08-30 | N/A | 6.5 MEDIUM |
| CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | |||||
| CVE-2024-42338 | 1 Cyberark | 1 Identity | 2024-08-30 | N/A | 4.3 MEDIUM |
| CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | |||||
| CVE-2024-42340 | 1 Cyberark | 1 Identity | 2024-08-30 | N/A | 4.3 MEDIUM |
| CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | |||||
| CVE-2024-42339 | 1 Cyberark | 1 Identity | 2024-08-30 | N/A | 4.3 MEDIUM |
| CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | |||||
