CyberArk IDP 信息泄露漏洞

CyberArk IDP is a single sign-on software from CyberArk Israel. CyberArk IDP suffers from an information disclosure vulnerability that originates from the exposure of sensitive information to unauthorized participants...

CVE-2025-22273

Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk Endpoint Privilege...