76 matches found
CVE-2025-22272 Self Reflected XSS in CyberArk Endpoint Privilege Manager
In the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, it is possible to inject code in the "modalDlgMsgInternal" parameter via POST, which is then executed in the browser. The risk of exploiting vulnerability is reduced due to the required additional bypassing the...
CVE-2025-22271
CVE-2025-22271 affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The issue allows an attacker to spoof the client’s IP by supplying a value in the X-Forwarded-For header, which degrades accountability of action logging in the application. Other versions are listed as unknown. Pu...
CVE-2025-22271 IP Spoofing in CyberArk Endpoint Privilege Manager
The application or its infrastructure allows for IP address spoofing by providing its own value in the "X-Forwarded-For" header. Thus, the action logging mechanism in the application loses accountability. This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of...
CVE-2025-22270 Stored XSS in CyberArk Endpoint Privilege Manager
An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the required additional error that allows bypassing the...
CVE-2025-22270
CVE-2025-22270 affects CyberArk Endpoint Privilege Manager (EPM) SaaS 24.7.1. An attacker with admin access to the Role Management UI can inject code by adding a new role in the name field. The risk is mitigated by an additional error that bypasses CSP, which prevents JavaScript execution but all...
CyberArk Endpoint Privilege Manager Security Vulnerability
CyberArk Endpoint Privilege Manager is a privilege management software from the Israeli company CyberArk. The software includes features such as privilege management, application control and credential loss protection. A security vulnerability exists in CyberArk Endpoint Privilege Manager version...
CyberArk Endpoint Privilege Manager Security Vulnerability
CyberArk Endpoint Privilege Manager is a privilege management software from the Israeli company CyberArk. The software includes features such as privilege management, application control and credential loss protection. A security vulnerability exists in CyberArk Endpoint Privilege Manager version...
PT-2025-9091 · Cyberark · Cyberark Endpoint Privilege Manager
Name of the Vulnerable Software and Affected Versions: CyberArk Endpoint Privilege Manager in SaaS version 24.7.1 Description: The issue concerns code injection in the "modalDlgMsgInternal" parameter via POST in the "/EPMUI/ModalDlgHandler.ashx?value=showReadonlyDlg" endpoint, which is then...
PT-2025-9093 · Cyberark · Cyberark Endpoint Privilege Manager
Name of the Vulnerable Software and Affected Versions: CyberArk Endpoint Privilege Manager version 24.7.1 Description: The issue allows for HTML code injection into the page content through the content field in the Application definition page. The estimated number of potentially affected devices...
CyberArk Endpoint Privilege Manager Security Vulnerability
CyberArk Endpoint Privilege Manager is a privilege management software from the Israeli company CyberArk. The software includes features such as privilege management, application control and credential loss protection. A security vulnerability exists in CyberArk Endpoint Privilege Manager version...
CVE-2021-44049
CyberArk Endpoint Privilege Manager EPM through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory...
CVE-2021-44049
CyberArk Endpoint Privilege Manager (EPM) vulnerable through version 11.5.3.328 (before 2021-12-20). A local user can escalate privileges by abusing a Trojan horse Procmon64.exe placed in the user’s Temp directory. Affected component: EPM product executable/process handling in local user context;...
CVE-2020-25738
CyberArk Endpoint Privilege Manager EPM 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database...
Design/Logic Flaw
CyberArk Endpoint Privilege Manager EPM 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database...
Cyberark Software Endpoint Privilege Manager Code Issue Vulnerability
CyberArk Software Endpoint Privilege Manager (formerly Viewfinity) is a privilege management software from CyberArk Software, Israel. The software includes features such as privilege management, application control, and credential loss protection. A security...
CyberArk Software CyberArk Endpoint Privilege Manager Access Bypass Vulnerability
CyberArk Software Endpoint Privilege Manager formerly Viewfinity is a privilege management software from CyberArk Software, Israel. The software includes features such as privilege management, application control, and credential loss protection. A security vulnerability exists in CyberArk Softwar...