VYPR

Password Vault Web Access

by Cyber Ark

CVEs (5)

  • CVE-2018-9843CriApr 12, 2018
    risk 0.68cvss 9.8epss 0.17

    The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.

  • CVE-2018-9842MedApr 12, 2018
    risk 0.39cvss 5.3epss 0.14

    CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message.

  • CVE-2024-57967MedFeb 3, 2025
    risk 0.27cvss 4.2epss 0.00

    PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping.

  • CVE-2024-54840MedFeb 3, 2025
    risk 0.27cvss 4.2epss 0.00

    PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.

  • CVE-2011-0459Oct 5, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.