5 matches found
CVE-2025-22273
Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk Endpoint Privilege...
CVE-2025-22273
Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk Endpoint Privilege...
CVE-2025-22273 Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager
Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk Endpoint Privilege...
CVE-2025-22273 Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager
Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This issue affects CyberArk Endpoint Privilege...
CVE-2025-22273
CVE-2025-22273 affects CyberArk Endpoint Privilege Manager SaaS v24.7.1. The vulnerability is a lack of rate limiting on the ChangePassword endpoint (/EPMUI/VfManager.asmx/ChangePassword), enabling brute-force attempts on the current password. CVSS v4.0 base score 9.3 (CRITICAL); vector: AV:N/AC:...