Lucene search

[email protected]NVD:CVE-2020-25374

HistoryOct 28, 2020 - 8:15 p.m.

CVE-2020-25374

2020-10-2820:15:13

CWE-613

[email protected]

web.nvd.nist.gov

cyberark

psm

10.9.0.15

internal pathnames

idle session error

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

CVSS3

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

AI Score

3.8

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.

Affected configurations

Nvd

Node

cyberarkprivileged_session_managerMatch10.9.0.15

VendorProductVersionCPE
cyberarkprivileged_session_manager10.9.0.15cpe:2.3:a:cyberark:privileged_session_manager:10.9.0.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cyberark	privileged_session_manager	10.9.0.15	cpe:2.3:a:cyberark:privileged_session_manager:10.9.0.15:::::::*

References

docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PAS%20SysReq/System%20Requirements%20-%20PSM.htm

medium.com/%40virajmota38/full-path-disclosure-8a9358e5a867

CVSS2

2.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:N/A:N

CVSS3

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

AI Score

3.8

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for NVD:CVE-2020-25374

cvelist1 cve1 prion1