Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/03/02 1:25 p.m.21 views

CVE-2025-22273

Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk Endpoint Privilege...

9.3CVSS6.4AI score0.0057EPSS
Exploits0References1
NVD
NVD
added 2025/02/28 1:15 p.m.9 views

CVE-2025-22273

Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk Endpoint Privilege...

9.3CVSS0.0057EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/28 12:33 p.m.5 views

CVE-2025-22273 Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager

Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk Endpoint Privilege...

9.3CVSS6.7AI score0.0057EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/28 12:33 p.m.26 views

CVE-2025-22273 Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager

Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk Endpoint Privilege...

9.3CVSS0.0057EPSS
Exploits0References3
CVE
CVE
added 2025/02/28 12:33 p.m.944 views

CVE-2025-22273

CVE-2025-22273 affects CyberArk Endpoint Privilege Manager SaaS v24.7.1. The vulnerability is a lack of rate limiting on the ChangePassword endpoint (/EPMUI/VfManager.asmx/ChangePassword), enabling brute-force attempts on the current password. CVSS v4.0 base score 9.3 (CRITICAL); vector: AV:N/AC:...

9.3CVSS6.7AI score0.0057EPSS
Exploits0References3
Rows per page
Query Builder