Filtered by vendor Cyberark
Subscribe
Total
17 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-4062 | 1 Cyberark | 1 Conjur Oss Helm Chart | 2022-09-20 | 7.7 HIGH | 9.0 CRITICAL |
In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the attacker's privileges to assume full control. A malicious actor who knows the IP address and port number of the Postgres database and has access into the Kubernetes cluster where Conjur runs can gain full read & write access to the Postgres database. This enables the attacker to write a policy that allows full access to retrieve any secret. This Helm chart is a method to install Conjur OSS into a Kubernetes environment. Hence, the systems impacted are only Conjur OSS systems that were deployed using this chart. Other deployments including Docker and the CyberArk Dynamic Access Provider (DAP) are not affected. To remediate this vulnerability, clone the latest Helm Chart and follow the upgrade instructions. If you are not able to fully remediate this vulnerability immediately, you can mitigate some of the risk by making sure Conjur OSS is deployed on an isolated Kubernetes cluster or namespace. The term "isolated" refers to: - No other workloads besides Conjur OSS and its backend database are running in that Kubernetes cluster/namespace. - Kubernetes and helm access to the cluster/namespace is limited to security administrators via Role-Based Access Control (RBAC). | |||||
CVE-2021-37151 | 1 Cyberark | 1 Identity | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one (aka Username Enumeration). Response differentiation enables attackers to enumerate usernames of valid application users. Attackers can use this information to leverage brute-force and dictionary attacks in order to discover valid account information such as passwords. | |||||
CVE-2021-44049 | 1 Cyberark | 1 Endpoint Privilege Manager | 2022-07-12 | 6.9 MEDIUM | 7.8 HIGH |
CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory. | |||||
CVE-2021-31796 | 1 Cyberark | 1 Credential Provider | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36. | |||||
CVE-2021-31798 | 1 Cyberark | 1 Credential Provider | 2022-07-12 | 1.9 LOW | 4.4 MEDIUM |
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files. | |||||
CVE-2019-9627 | 1 Cyberark | 1 Endpoint Privilege Manager | 2022-04-05 | 6.9 MEDIUM | 7.0 HIGH |
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path. | |||||
CVE-2022-22700 | 1 Cyberark | 1 Identity | 2022-03-09 | 5.0 MEDIUM | 5.3 MEDIUM |
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant. | |||||
CVE-2021-31797 | 1 Cyberark | 1 Credential Provider | 2021-09-10 | 1.9 LOW | 5.1 MEDIUM |
The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure. | |||||
CVE-2020-25738 | 1 Cyberark | 1 Endpoint Privilege Manager | 2020-12-04 | 1.9 LOW | 5.5 MEDIUM |
CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database. | |||||
CVE-2020-25374 | 1 Cyberark | 1 Privileged Session Manager | 2020-12-02 | 2.1 LOW | 2.6 LOW |
CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time. | |||||
CVE-2019-3800 | 27 Anynines, Apigee, Appdynamics and 24 more | 55 Elasticsearch, Logme, Mongodb and 52 more | 2019-10-09 | 2.1 LOW | 7.8 HIGH |
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the leaked credentials. | |||||
CVE-2018-14894 | 1 Cyberark | 1 Endpoint Privilege Manager | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications. | |||||
CVE-2018-13052 | 1 Cyberark | 1 Endpoint Privilege Manager | 2019-10-02 | 7.5 HIGH | 9.8 CRITICAL |
In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin. | |||||
CVE-2019-7442 | 1 Cyberark | 1 Enterprise Password Vault | 2019-05-10 | 7.5 HIGH | 9.8 CRITICAL |
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system. | |||||
CVE-2018-9843 | 1 Cyberark | 1 Password Vault | 2019-02-27 | 7.5 HIGH | 9.8 CRITICAL |
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. | |||||
CVE-2018-9842 | 1 Cyberark | 1 Password Vault | 2019-02-27 | 5.0 MEDIUM | 5.3 MEDIUM |
CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message. | |||||
CVE-2018-12903 | 1 Cyberark | 1 Endpoint Privilege Manager | 2018-08-30 | 3.5 LOW | 5.4 MEDIUM |
In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard. |