CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-12903
https://notcve.org/view.php?id=CVE-2018-12903
In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard. En CyberArk Endpoint Privilege Manager (antiguamente Viewfinity) 10.2.1.603, existe Cross-Site Scripting (XSS) mediante un nombre de cuenta en la pantalla "create token", la pantalla "SelectAccounts->DisplayName" de VfManager.asmx, los grupos de un usuario en ConfigurationPage, el campo Dialog Title y App Group Name en el asistente de Application Group.. • http://code610.blogspot.com/2018/06/exploiting-cyberark-1021603.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 65%CPEs: 2EXPL: 4CVE-2018-9843 – CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-9843
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. La API REST en CyberArk Password Vault Web Access, en versiones anteriores a la 9.9.5 y en versiones 10.x anteriores a la 10.1, permite que atacantes remotos ejecuten código arbitrario mediante un objeto .NET serializado en una cabecera Authorization HTTP. The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. Versions prior to 9.9.5, prior to 10.1, and 10.1 are affected. • https://www.exploit-db.com/exploits/44429 http://seclists.org/fulldisclosure/2018/Apr/18 http://www.securityfocus.com/archive/1/541932/100/0/threaded http://www.securitytracker.com/id/1040675 https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-014/-cyberark-password-vault-web-access-remote-code-execution • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 6%CPEs: 1EXPL: 5CVE-2018-9842 – CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure
https://notcve.org/view.php?id=CVE-2018-9842
CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message. CyberArk Password Vault, en versiones anteriores a la 9.7, permite que atacantes remotos obtengan información sensible de la memoria del proceso mediante la repetición de un mensaje logon. CyberArk Password Vault versions prior to 9.7 and 10 suffer from a memory disclosure vulnerability. • https://www.exploit-db.com/exploits/44428 https://www.exploit-db.com/exploits/44829 https://www.exploit-db.com/exploits/45926 http://seclists.org/fulldisclosure/2018/Apr/19 http://www.securityfocus.com/archive/1/541931/100/0/threaded http://www.securitytracker.com/id/1040674 https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-015/-cyberark-password-vault-memory-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •