An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCyberark Enterprise Password Vault
APPCyberark≤ 10.7
Powiązane podatności
CyberArk Conjur – pominięcie uwierzytelnienia przez przekierowanie ruchu (Auth Bypass)
CyberArk Conjur — bypass uwierzytelniania IAM przez błędne wyrażenie regularne
In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker...
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers t...
CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege el...