CVE-2020-25374

EPSS 0.16%
Published 28.10.2020 20:15:13
Last modified 21.11.2024 05:17:54
Source cve@mitre.org
Teams watchlist Login
Open Login

CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Cyberark ≫ Privileged Session Manager Version10.9.0.15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.331

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.6	1.2	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:N/AC:H/Au:S/C:P/I:N/A:N

CWE-613 Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PAS%20SysReq/System%20Requirements%20-%20PSM.htm

Vendor Advisory

Product

https://medium.com/%40virajmota38/full-path-disclosure-8a9358e5a867

https://nvd.nist.gov/vuln/detail/CVE-2020-25374

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-25374

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-25374

EUVD