Known Vulnerabilities for products from Cyberark

Listed below are 17 of the newest known vulnerabilities associated with the vendor "Cyberark".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

CVE | Shortened Description | Severity | Publish Date | Last Modified
CVE-2022-22700 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2022-03-03 | 2022-03-09
CVE-2021-37151 | CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid.... | 5.3 - MEDIUM | 2021-09-01 | 2023-11-07
CVE-2021-31798 | The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under ce... | 4.4 - MEDIUM | 2021-09-02 | 2022-07-12
CVE-2021-31797 | The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race cond... | 5.1 - MEDIUM | 2021-09-02 | 2023-08-08
CVE-2021-31796 | An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclos... | 7.5 - HIGH | 2021-09-02 | 2022-07-12
CVE-2020-25738 | CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by in... | 5.5 - MEDIUM | 2020-11-27 | 2020-12-04
CVE-2020-25374 | CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup... | 2.6 - LOW | 2020-10-28 | 2023-11-07
CVE-2020-4062 | In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conju... | 9 - CRITICAL | 2020-06-22 | 2022-09-20
CVE-2019-9627 | A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 all... | 7 - HIGH | 2019-03-08 | 2022-04-05
CVE-2019-7442 | An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10... | 9.8 - CRITICAL | 2019-05-08 | 2019-05-10
CVE-2019-3800 | CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the use... | 7.8 - HIGH | 2019-08-05 | 2019-10-09
CVE-2018-14894 | CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to ... | 7.8 - HIGH | 2019-04-09 | 2019-10-03
CVE-2018-13052 | In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one proces... | 9.8 - CRITICAL | 2018-07-05 | 2019-10-03
CVE-2018-12903 | In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the c... | 5.4 - MEDIUM | 2018-06-26 | 2018-08-30
CVE-2018-9843 | The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbit... | 9.8 - CRITICAL | 2018-04-12 | 2019-02-27
CVE-2018-9842 | CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a... | 5.3 - MEDIUM | 2018-04-12 | 2019-02-27
CVE-2017-11197 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2023-05-03 | 2023-05-10

Known software with vulnerabilities from Cyberark

Type | Vendor | Product | Version
Application | Cyberark | Conjur Oss Helm Chart | 0.1.0
Application | Cyberark | Conjur Service Broker | -
Application | Cyberark | Endpoint Privilege Manager | -
Application | Cyberark | Enterprise Password Vault | 10.6
Application | Cyberark | Password Vault | 9.9.5
Application | Cyberark | Privileged Session Manager | 10.9.0.15