Password Vault Web Access
by Cyber Ark
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-9843 | Cri | 0.68 | 9.8 | 0.17 | Apr 12, 2018 | The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. | ||
| CVE-2018-9842 | Med | 0.39 | 5.3 | 0.14 | Apr 12, 2018 | CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message. | ||
| CVE-2024-57967 | Med | 0.27 | 4.2 | 0.00 | Feb 3, 2025 | PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping. | ||
| CVE-2024-54840 | Med | 0.27 | 4.2 | 0.00 | Feb 3, 2025 | PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection. | ||
| CVE-2011-0459 | 0.00 | — | 0.01 | Oct 5, 2011 | Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
- risk 0.68cvss 9.8epss 0.17
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.
- risk 0.39cvss 5.3epss 0.14
CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message.
- risk 0.27cvss 4.2epss 0.00
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping.
- risk 0.27cvss 4.2epss 0.00
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.
- CVE-2011-0459Oct 5, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.