Lucene search

Password Vault Security Vulnerabilities

cve

CVE-2011-0459

Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified...

5.8AI Score

0.002EPSS

2022-10-03 04:15 PM

cve

CVE-2020-14981

The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate...

5.9CVSS

5.5AI Score

0.001EPSS

2020-06-22 06:15 PM

cve

CVE-2019-13380

KEYNTO Team Password Manager 1.5.0 allows XSS because data saved from websites is mishandled in the online...

6.1CVSS

5.9AI Score

0.001EPSS

2019-07-09 09:15 PM

104

cve

CVE-2019-7442

An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication...

9.8CVSS

9.3AI Score

0.068EPSS

2019-05-08 09:29 PM

cve

CVE-2018-9843

The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP...

9.8CVSS

9.6AI Score

0.715EPSS

2018-04-12 03:29 PM

cve

CVE-2018-9842

CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon...

5.3CVSS

4.9AI Score

0.155EPSS

2018-04-12 03:29 PM