VYPR

Vendor CVEs

Cyber Ark

All CVEs

42 total · sorted by risk
  • CVE-2019-7442CriMay 8, 2019
    risk 0.70cvss 9.8epss 0.40

    An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.

  • CVE-2018-9843CriApr 12, 2018
    risk 0.68cvss 9.8epss 0.17

    The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.

  • CVE-2018-13052CriJul 5, 2018
    risk 0.64cvss 9.8epss 0.01

    In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin.

  • CVE-2025-22273CriFeb 28, 2025
    risk 0.60cvss epss 0.01

    Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk…

  • CVE-2026-45176HigJun 11, 2026
    risk 0.58cvss epss 0.00

    Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulating an internal communication mechanism or file operation. Under specific…

  • CVE-2026-45169HigJun 12, 2026
    risk 0.57cvss epss 0.00

    Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service…

  • CVE-2026-45172HigJun 11, 2026
    risk 0.57cvss epss 0.01

    Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17…

  • CVE-2026-45171HigJun 11, 2026
    risk 0.57cvss epss 0.01

    Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security…

  • CVE-2025-49831CriJul 15, 2025
    risk 0.57cvss 9.8epss 0.01

    An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few…

  • CVE-2025-49827CriJul 15, 2025
    risk 0.57cvss 9.8epss 0.01

    Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.22.0 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.5 and 13.6 are vulnerable to bypass of the IAM authenticator. An…

  • CVE-2026-45174HigJun 11, 2026
    risk 0.55cvss epss 0.00

    Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initialization. CyberArk Security Bulletin: CA26-19

  • CVE-2026-45173HigJun 11, 2026
    risk 0.55cvss epss 0.00

    Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could…

  • CVE-2026-45175HigJun 11, 2026
    risk 0.55cvss epss 0.00

    Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could…

  • CVE-2026-45178HigJun 11, 2026
    risk 0.55cvss epss 0.00

    Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credentials could leverage these endpoints to potentially retrieve unauthorized secrets…

  • CVE-2024-42340HigAug 25, 2024
    risk 0.54cvss 8.3epss 0.00

    CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security

  • CVE-2017-11197HigMay 3, 2023
    risk 0.54cvss 7.8epss 0.01

    In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option.

  • CVE-2021-44049HigJan 15, 2022
    risk 0.51cvss 7.8epss 0.00

    CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.

  • CVE-2025-49828HigJul 15, 2025
    risk 0.50cvss 8.8epss 0.02

    Conjur provides secrets management and application identity for infrastructure. Conjur OSS versions 1.19.5 through 1.21.1 and Secrets Manager, Self-Hosted (formerly known as Conjur Enterprise) 13.1 through 13.4.1 are vulnerable to remote code execution An authenticated attacker…

  • CVE-2020-4062HigJun 22, 2020
    risk 0.50cvss 8.7epss 0.01

    In Conjur OSS Helm Chart before 2.0.0, a recently identified critical vulnerability resulted in the installation of the Conjur Postgres database with an open port. This allows an attacker to gain full read & write access to the Conjur Postgres database, including escalating the…

  • CVE-2026-45170HigJun 12, 2026
    risk 0.49cvss epss 0.00

    Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17

  • CVE-2021-31796HigSep 2, 2021
    risk 0.49cvss 7.5epss 0.02

    An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually…

  • CVE-2025-22270HigFeb 28, 2025
    risk 0.47cvss epss 0.01

    An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the required additional error that…

  • CVE-2019-9627HigMar 8, 2019
    risk 0.46cvss 7.0epss 0.00

    A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.

  • CVE-2025-22271MedFeb 28, 2025
    risk 0.45cvss epss 0.00

    The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability This issue affects CyberArk Endpoint Privilege Manager in SaaS version…

  • CVE-2018-9842MedApr 12, 2018
    risk 0.39cvss 5.3epss 0.14

    CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message.

  • CVE-2020-25738MedNov 27, 2020
    risk 0.36cvss 5.5epss 0.00

    CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.

  • CVE-2025-49830MedJul 15, 2025
    risk 0.35cvss 6.5epss 0.01

    Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy yaml parser to reference files on the Secrets Manager, Self-Hosted server. These references may be used as reconnaissance to…

  • CVE-2025-49829MedJul 15, 2025
    risk 0.35cvss 6.5epss 0.00

    Conjur provides secrets management and application identity for infrastructure. Missing validations in Secrets Manager, Self-Hosted allows authenticated attackers to inject resources into the database and to bypass permission checks. This issue affects Secrets Manager,…

  • CVE-2022-22700MedMar 3, 2022
    risk 0.35cvss 5.3epss 0.01

    CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists…

  • CVE-2021-37151MedSep 1, 2021
    risk 0.35cvss 5.3epss 0.01

    CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one…

  • CVE-2018-12903MedJun 26, 2018
    risk 0.35cvss 5.4epss 0.01

    In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group…

  • CVE-2021-31797MedSep 2, 2021
    risk 0.33cvss 5.1epss 0.00

    The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure.

  • CVE-2021-31798MedSep 2, 2021
    risk 0.29cvss 4.4epss 0.00

    The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files.

  • CVE-2024-42339MedAug 25, 2024
    risk 0.28cvss 4.3epss 0.00

    CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

  • CVE-2024-42338MedAug 25, 2024
    risk 0.28cvss 4.3epss 0.00

    CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

  • CVE-2024-42337MedAug 25, 2024
    risk 0.28cvss 4.3epss 0.00

    CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

  • CVE-2024-57967MedFeb 3, 2025
    risk 0.27cvss 4.2epss 0.00

    PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping.

  • CVE-2024-54840MedFeb 3, 2025
    risk 0.27cvss 4.2epss 0.00

    PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.

  • CVE-2020-25374LowOct 28, 2020
    risk 0.17cvss 2.6epss 0.01

    CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.

  • CVE-2025-22272LowFeb 28, 2025
    risk 0.14cvss epss 0.00

    In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the…

  • CVE-2025-22274LowFeb 28, 2025
    risk 0.13cvss epss 0.00

    It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact…

  • CVE-2011-0459Oct 5, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.