Vendor CVEs
Cyber Ark
All CVEs
42 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-7442 | Cri | 0.70 | 9.8 | 0.40 | May 8, 2019 | An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system. | ||
| CVE-2018-9843 | Cri | 0.68 | 9.8 | 0.17 | Apr 12, 2018 | The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. | ||
| CVE-2018-13052 | Cri | 0.64 | 9.8 | 0.01 | Jul 5, 2018 | In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin. | ||
| CVE-2025-22273 | Cri | 0.60 | — | 0.01 | Feb 28, 2025 | Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk… | ||
| CVE-2026-45176 | Hig | 0.58 | — | 0.00 | Jun 11, 2026 | Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific… | ||
| CVE-2026-45169 | Hig | 0.57 | — | 0.00 | Jun 12, 2026 | Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service… | ||
| CVE-2026-45172 | Hig | 0.57 | — | 0.01 | Jun 11, 2026 | Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17… | ||
| CVE-2026-45171 | Hig | 0.57 | — | 0.01 | Jun 11, 2026 | Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security… | ||
| CVE-2025-49831 | Cri | 0.57 | 9.8 | 0.01 | Jul 15, 2025 | An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few… | ||
| CVE-2025-49827 | Cri | 0.57 | 9.8 | 0.01 | Jul 15, 2025 | Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An… | ||
| CVE-2026-45174 | Hig | 0.55 | — | 0.00 | Jun 11, 2026 | Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19 | ||
| CVE-2026-45173 | Hig | 0.55 | — | 0.00 | Jun 11, 2026 | Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could… | ||
| CVE-2026-45175 | Hig | 0.55 | — | 0.00 | Jun 11, 2026 | Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could… | ||
| CVE-2026-45178 | Hig | 0.55 | — | 0.00 | Jun 11, 2026 | Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets… | ||
| CVE-2024-42340 | Hig | 0.54 | 8.3 | 0.00 | Aug 25, 2024 | CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | ||
| CVE-2017-11197 | Hig | 0.54 | 7.8 | 0.01 | May 3, 2023 | In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option. | ||
| CVE-2021-44049 | Hig | 0.51 | 7.8 | 0.00 | Jan 15, 2022 | CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory. | ||
| CVE-2025-49828 | Hig | 0.50 | 8.8 | 0.02 | Jul 15, 2025 | Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution An authenticated attacker… | ||
| CVE-2020-4062 | Hig | 0.50 | 8.7 | 0.01 | Jun 22, 2020 | In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the… | ||
| CVE-2026-45170 | Hig | 0.49 | — | 0.00 | Jun 12, 2026 | Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17 | ||
| CVE-2021-31796 | Hig | 0.49 | 7.5 | 0.02 | Sep 2, 2021 | An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually… | ||
| CVE-2025-22270 | Hig | 0.47 | — | 0.01 | Feb 28, 2025 | An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the required additional error that… | ||
| CVE-2019-9627 | Hig | 0.46 | 7.0 | 0.00 | Mar 8, 2019 | A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path. | ||
| CVE-2025-22271 | Med | 0.45 | — | 0.00 | Feb 28, 2025 | The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability This issue affects CyberArk Endpoint Privilege Manager in SaaS version… | ||
| CVE-2018-9842 | Med | 0.39 | 5.3 | 0.14 | Apr 12, 2018 | CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message. | ||
| CVE-2020-25738 | Med | 0.36 | 5.5 | 0.00 | Nov 27, 2020 | CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database. | ||
| CVE-2025-49830 | Med | 0.35 | 6.5 | 0.01 | Jul 15, 2025 | Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy yaml parser to reference files on the Secrets Manager, Self-Hosted server. These references may be used as reconnaissance to… | ||
| CVE-2025-49829 | Med | 0.35 | 6.5 | 0.00 | Jul 15, 2025 | Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager,… | ||
| CVE-2022-22700 | Med | 0.35 | 5.3 | 0.01 | Mar 3, 2022 | CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists… | ||
| CVE-2021-37151 | Med | 0.35 | 5.3 | 0.01 | Sep 1, 2021 | CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one… | ||
| CVE-2018-12903 | Med | 0.35 | 5.4 | 0.01 | Jun 26, 2018 | In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group… | ||
| CVE-2021-31797 | Med | 0.33 | 5.1 | 0.00 | Sep 2, 2021 | The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure. | ||
| CVE-2021-31798 | Med | 0.29 | 4.4 | 0.00 | Sep 2, 2021 | The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files. | ||
| CVE-2024-42339 | Med | 0.28 | 4.3 | 0.00 | Aug 25, 2024 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||
| CVE-2024-42338 | Med | 0.28 | 4.3 | 0.00 | Aug 25, 2024 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||
| CVE-2024-42337 | Med | 0.28 | 4.3 | 0.00 | Aug 25, 2024 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||
| CVE-2024-57967 | Med | 0.27 | 4.2 | 0.00 | Feb 3, 2025 | PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping. | ||
| CVE-2024-54840 | Med | 0.27 | 4.2 | 0.00 | Feb 3, 2025 | PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection. | ||
| CVE-2020-25374 | Low | 0.17 | 2.6 | 0.01 | Oct 28, 2020 | CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time. | ||
| CVE-2025-22272 | Low | 0.14 | — | 0.00 | Feb 28, 2025 | In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the… | ||
| CVE-2025-22274 | Low | 0.13 | — | 0.00 | Feb 28, 2025 | It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact… | ||
| CVE-2011-0459 | 0.00 | — | 0.01 | Oct 5, 2011 | Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
- risk 0.70cvss 9.8epss 0.40
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
- risk 0.68cvss 9.8epss 0.17
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.
- risk 0.64cvss 9.8epss 0.01
In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin.
- risk 0.60cvss —epss 0.01
Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk…
- risk 0.58cvss —epss 0.00
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific…
- risk 0.57cvss —epss 0.00
Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service…
- risk 0.57cvss —epss 0.01
Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17…
- risk 0.57cvss —epss 0.01
Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security…
- risk 0.57cvss 9.8epss 0.01
An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few…
- risk 0.57cvss 9.8epss 0.01
Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An…
- risk 0.55cvss —epss 0.00
Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19
- risk 0.55cvss —epss 0.00
Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could…
- risk 0.55cvss —epss 0.00
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could…
- risk 0.55cvss —epss 0.00
Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets…
- risk 0.54cvss 8.3epss 0.00
CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security
- risk 0.54cvss 7.8epss 0.01
In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option.
- risk 0.51cvss 7.8epss 0.00
CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.
- risk 0.50cvss 8.8epss 0.02
Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution An authenticated attacker…
- risk 0.50cvss 8.7epss 0.01
In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the…
- risk 0.49cvss —epss 0.00
Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17
- risk 0.49cvss 7.5epss 0.02
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually…
- risk 0.47cvss —epss 0.01
An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the required additional error that…
- risk 0.46cvss 7.0epss 0.00
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.
- risk 0.45cvss —epss 0.00
The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability This issue affects CyberArk Endpoint Privilege Manager in SaaS version…
- risk 0.39cvss 5.3epss 0.14
CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message.
- risk 0.36cvss 5.5epss 0.00
CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.
- risk 0.35cvss 6.5epss 0.01
Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy yaml parser to reference files on the Secrets Manager, Self-Hosted server. These references may be used as reconnaissance to…
- risk 0.35cvss 6.5epss 0.00
Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager,…
- risk 0.35cvss 5.3epss 0.01
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists…
- risk 0.35cvss 5.3epss 0.01
CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one…
- risk 0.35cvss 5.4epss 0.01
In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group…
- risk 0.33cvss 5.1epss 0.00
The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure.
- risk 0.29cvss 4.4epss 0.00
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files.
- risk 0.28cvss 4.3epss 0.00
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- risk 0.28cvss 4.3epss 0.00
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- risk 0.28cvss 4.3epss 0.00
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- risk 0.27cvss 4.2epss 0.00
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping.
- risk 0.27cvss 4.2epss 0.00
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.
- risk 0.17cvss 2.6epss 0.01
CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.
- risk 0.14cvss —epss 0.00
In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the…
- risk 0.13cvss —epss 0.00
It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact…
- CVE-2011-0459Oct 5, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.