76 matches found
CVE-2018-14894
CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker who is able to edit permissions of a file to bypass intended access restrictions and execute blocked applications...
CVE-2018-14894
CVE-2018-14894 affects CyberArk Endpoint Privilege Manager (EPM) 10.2.1.603 and earlier. The vulnerability lets an attacker who can edit a file’s permissions bypass access restrictions and execute applications that EPM would block. Public exploitation details in connected sources describe bypass ...
Buffer overflow
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker without Administrator privileges to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path...
CVE-2019-9627
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker without Administrator privileges to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path...
CVE-2019-9627
CVE-2019-9627 affects CyberArk Endpoint Privilege Manager (EPM) with the kernel driver CybKernelTracker.sys. A buffer overflow in the non-paged pool occurs when loading an image (e.g., DLL) with a long path, on EPM versions prior to 10.7. This can allow an unprivileged user (no Administrator righ...
CVE-2019-9627
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker without Administrator privileges to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path. Recent assessments:...
CyberArk Endpoint Privilege Manager Elevation of Privilege Vulnerability
CyberArk Endpoint Privilege Manager formerly Viewfinity is a privilege management software from CyberArk Software. The software includes features such as privilege management, application control, and credential loss protection. A security vulnerability exists in CyberArk Endpoint Privilege...
Privilege escalation
In CyberArk Endpoint Privilege Manager formerly Viewfinity, Privilege Escalation is possible if the attacker has one process that executes as Admin...
CVE-2018-13052
In CyberArk Endpoint Privilege Manager formerly Viewfinity, Privilege Escalation is possible if the attacker has one process that executes as Admin...
CVE-2018-13052
CVE-2018-13052 affects CyberArk Endpoint Privilege Manager (formerly Viewfinity). It enables privilege escalation if an attacker has one process running as Admin, allowing escalation to higher privileges. Connected sources indicate a high-severity (CVSSv3: 9.8, CRITICAL) vulnerability with networ...
CVE-2018-13052
In CyberArk Endpoint Privilege Manager formerly Viewfinity, Privilege Escalation is possible if the attacker has one process that executes as Admin...
CVE-2018-12903
In CyberArk Endpoint Privilege Manager formerly Viewfinity 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts-DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application...
Privilege escalation
In CyberArk Endpoint Privilege Manager formerly Viewfinity 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts-DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application...
CVE-2018-12903
In CyberArk Endpoint Privilege Manager formerly Viewfinity 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts-DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application...
CVE-2018-12903
CVE-2018-12903 concerns CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603. The vulnerability is a persistent cross‑site scripting (XSS) found on UI surfaces: the create token screen, VfManager.asmx SelectAccounts->DisplayName, user groups on ConfigurationPage, the Dialog Tit...
CVE-2018-12903
In CyberArk Endpoint Privilege Manager formerly Viewfinity 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts-DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application...