Cyberark

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-25374 1Cyberark 1Privileged Session Manager Nov 21, 2024 Oct 28, 2020 N/A· v4 2.6 LOW· v3 2.1 LOW· v2 CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.
CVE-2020-4062 1Cyberark 1Conjur Oss Helm Chart Nov 21, 2024 Jun 22, 2020 N/A· v4 9.0 CRITICAL· v3 7.7 HIGH· v2 In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access...Show more In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's privileges to assume full control. A malicious actor who knows the IP address and port number of the Postgres database and has access into the Kubernetes cluster where Conjur runs can gain full read & write access to the Postgres database. This enables the attacker to write a policy that allows full access to retrieve any secret. This Helm chart is a method to install Conjur OSS into a Kubernetes environment. Hence, the systems impacted are only Conjur OSS systems that were deployed using this chart. Other deployments including Docker and the CyberArk Dynamic Access Provider (DAP) are not affected. To remediate this vulnerability, clone the latest Helm Chart and follow the upgrade instructions. If you are not able to fully remediate this vulnerability immediately, you can mitigate some of the risk by making sure Conjur OSS is deployed on an isolated Kubernetes cluster or namespace. The term "isolated" refers to: - No other workloads besides Conjur OSS and its backend database are running in that Kubernetes cluster/namespace. - Kubernetes and helm access to the cluster/namespace is limited to security administrators via Role-Based Access Control (RBAC).Show less
CVE-2019-3800 27Anynines ApigeeAppdynamics+24 more 55Application Analytics Application MonitoringApplication Performance Monitoring+52 more Nov 21, 2024 Aug 5, 2019 N/A· v4 7.8 HIGH· v3 2.1 LOW· v2 CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with acces...Show more CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials.Show less
CVE-2019-7442 1Cyberark 1Enterprise Password Vault Nov 21, 2024 May 8, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a c...Show more An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.Show less
CVE-2018-14894 1Cyberark 1Endpoint Privilege Manager Nov 21, 2024 Apr 9, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications.
CVE-2019-9627 1Cyberark 1Endpoint Privilege Manager Nov 21, 2024 Mar 8, 2019 N/A· v4 7.0 HIGH· v3 6.9 MEDIUM· v2 A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine...Show more A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.Show less
CVE-2018-13052 1Cyberark 1Endpoint Privilege Manager Nov 21, 2024 Jul 5, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin.
CVE-2018-12903 1Cyberark 1Endpoint Privilege Manager Nov 21, 2024 Jun 26, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in C...Show more In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard.Show less
CVE-2018-9843 1Cyberark 1Password Vault Nov 21, 2024 Apr 12, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.
CVE-2018-9842 1Cyberark 1Password Vault Nov 21, 2024 Apr 12, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message.

Previous 12