Cyberark

Identity

6 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2024-42340

  • EPSS 0.08%
  • Published 25.08.2024 08:15:03
  • Last modified 30.08.2024 19:47:36

CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security

4.3

CVE-2024-42339

  • EPSS 0.11%
  • Published 25.08.2024 07:15:11
  • Last modified 30.08.2024 19:47:13

CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

4.3

CVE-2024-42338

  • EPSS 0.14%
  • Published 25.08.2024 07:15:10
  • Last modified 30.08.2024 19:47:46

CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

6.5

CVE-2024-42337

  • EPSS 0.11%
  • Published 25.08.2024 07:15:08
  • Last modified 30.08.2024 19:47:49

CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

5.3

CVE-2022-22700

Exploit
  • EPSS 0.26%
  • Published 03.03.2022 19:15:08
  • Last modified 21.11.2024 06:47:16

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to de...

5.3

CVE-2021-37151

  • EPSS 0.23%
  • Published 01.09.2021 13:15:08
  • Last modified 21.11.2024 06:14:44

CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a val...