Known Vulnerabilities for products from Cyberark
Listed below are 18 of the newest known vulnerabilities associated with the vendor "Cyberark".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-22700 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2022-03-03 | 2022-03-09 |
| CVE-2021-44049 | CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privilege... | 7.8 - HIGH | 2022-01-15 | 2022-07-12 |
| CVE-2021-37151 | CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid.... | 5.3 - MEDIUM | 2021-09-01 | 2023-11-07 |
| CVE-2021-31798 | The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under ce... | 4.4 - MEDIUM | 2021-09-02 | 2022-07-12 |
| CVE-2021-31797 | The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race cond... | 5.1 - MEDIUM | 2021-09-02 | 2023-08-08 |
| CVE-2021-31796 | An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclos... | 7.5 - HIGH | 2021-09-02 | 2022-07-12 |
| CVE-2020-25738 | CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by in... | 5.5 - MEDIUM | 2020-11-27 | 2020-12-04 |
| CVE-2020-25374 | CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup... | 2.6 - LOW | 2020-10-28 | 2023-11-07 |
| CVE-2020-4062 | In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conju... | 9 - CRITICAL | 2020-06-22 | 2022-09-20 |
| CVE-2019-9627 | A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 all... | 7 - HIGH | 2019-03-08 | 2022-04-05 |
| CVE-2019-7442 | An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10... | 9.8 - CRITICAL | 2019-05-08 | 2019-05-10 |
| CVE-2019-3800 | CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the use... | 7.8 - HIGH | 2019-08-05 | 2019-10-09 |
| CVE-2018-14894 | CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to ... | 7.8 - HIGH | 2019-04-09 | 2019-10-03 |
| CVE-2018-13052 | In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one proces... | 9.8 - CRITICAL | 2018-07-05 | 2019-10-03 |
| CVE-2018-12903 | In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the c... | 5.4 - MEDIUM | 2018-06-26 | 2018-08-30 |
| CVE-2018-9843 | The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbit... | 9.8 - CRITICAL | 2018-04-12 | 2019-02-27 |
| CVE-2018-9842 | CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a... | 5.3 - MEDIUM | 2018-04-12 | 2019-02-27 |
| CVE-2017-11197 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2023-05-03 | 2023-05-10 |
Known software with vulnerabilities from Cyberark
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cyberark | Conjur Oss Helm Chart | 0.1.0 |
| Application | Cyberark | Conjur Service Broker | - |
| Application | Cyberark | Endpoint Privilege Manager | - |
| Application | Cyberark | Enterprise Password Vault | 10.6 |
| Application | Cyberark | Password Vault | 10.0 |
| Application | Cyberark | Privileged Session Manager | 10.9.0.15 |