CVE-2024-54840

Published: Feb 3, 2025Modified: Mar 14, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.

Affected (1)

Products: Cyberark: Privileged Access Manager

Cyberark

1 product

Privileged Access Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cyberark Privileged Access Manager	Before 14.4

Related CWEs

CWE-348

Use of Less Trusted Source

The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.

References (2)

https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-4.htm#Securitybugfixes

Source: cve@mitre.org

Release Notes

https://gist.github.com/Hurdano/8244855ef8ec364fd98a2693de6e30c5

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.