VYPR
Vendor

Cyber Ark

Products
18
CVEs
42
Across products
50
Status
Private

Products

18

Recent CVEs

42
View all 42 CVEs →
  • CVE-2019-7442CriMay 8, 2019
    risk 0.70cvss 9.8epss 0.40

    An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.

  • CVE-2018-9843CriApr 12, 2018
    risk 0.68cvss 9.8epss 0.17

    The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.

  • CVE-2018-13052CriJul 5, 2018
    risk 0.64cvss 9.8epss 0.01

    In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin.

  • CVE-2025-22273CriFeb 28, 2025
    risk 0.60cvss epss 0.01

    Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk…

  • CVE-2026-45176HigJun 11, 2026
    risk 0.58cvss epss 0.00

    Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific…

  • CVE-2026-45169HigJun 12, 2026
    risk 0.57cvss epss 0.00

    Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service…

  • CVE-2026-45172HigJun 11, 2026
    risk 0.57cvss epss 0.01

    Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17…

  • CVE-2026-45171HigJun 11, 2026
    risk 0.57cvss epss 0.01

    Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security…

  • CVE-2025-49831CriJul 15, 2025
    risk 0.57cvss 9.8epss 0.01

    An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few…

  • CVE-2025-49827CriJul 15, 2025
    risk 0.57cvss 9.8epss 0.01

    Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An…

  • CVE-2026-45174HigJun 11, 2026
    risk 0.55cvss epss 0.00

    Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19

  • CVE-2026-45173HigJun 11, 2026
    risk 0.55cvss epss 0.00

    Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could…

  • CVE-2026-45175HigJun 11, 2026
    risk 0.55cvss epss 0.00

    Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could…

  • CVE-2026-45178HigJun 11, 2026
    risk 0.55cvss epss 0.00

    Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets…

  • CVE-2024-42340HigAug 25, 2024
    risk 0.54cvss 8.3epss 0.00

    CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security

  • CVE-2017-11197HigMay 3, 2023
    risk 0.54cvss 7.8epss 0.01

    In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option.

  • CVE-2021-44049HigJan 15, 2022
    risk 0.51cvss 7.8epss 0.00

    CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.

  • CVE-2025-49828HigJul 15, 2025
    risk 0.50cvss 8.8epss 0.02

    Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution An authenticated attacker…

  • CVE-2020-4062HigJun 22, 2020
    risk 0.50cvss 8.7epss 0.01

    In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the…

  • CVE-2026-45170HigJun 12, 2026
    risk 0.49cvss epss 0.00

    Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17