CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 2CVE-2019-7442 – CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection
https://notcve.org/view.php?id=CVE-2019-7442
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system. Una vulnerabilidad de entidad externa XML (XXE) en el Password Vault Web Access (PVWA) de CyberArk Enterprise Password Vault, versiones anteriores e incluyendo a 10.7, permite a los atacantes remotos leer archivos arbitrarios o potencialmente pasar por alto la autenticación a través de una DTD creada en el sistema de autenticación SAML. CyberArk Enterprise Password Vault versions 10.7 and below suffer from an XML external entity injection vulnerability. • https://www.exploit-db.com/exploits/46828 http://packetstormsecurity.com/files/152801/CyberArk-Enterprise-Password-Vault-10.7-XML-External-Entity-Injection.html https://www.octority.com/2019/05/07/cyberark-enterprise-password-vault-xml-external-entity-xxe-injection • CWE-611: Improper Restriction of XML External Entity Reference •