Cyberark Identity Management
by Cyber Ark
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-42340 | Hig | 0.54 | 8.3 | 0.00 | Aug 25, 2024 | CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | ||
| CVE-2022-22700 | Med | 0.35 | 5.3 | 0.01 | Mar 3, 2022 | CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists… | ||
| CVE-2024-42339 | Med | 0.28 | 4.3 | 0.00 | Aug 25, 2024 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||
| CVE-2024-42338 | Med | 0.28 | 4.3 | 0.00 | Aug 25, 2024 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||
| CVE-2024-42337 | Med | 0.28 | 4.3 | 0.00 | Aug 25, 2024 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
- risk 0.54cvss 8.3epss 0.00
CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security
- risk 0.35cvss 5.3epss 0.01
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists…
- risk 0.28cvss 4.3epss 0.00
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- risk 0.28cvss 4.3epss 0.00
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- risk 0.28cvss 4.3epss 0.00
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor