NotCVE - vendor:"CyberArk" product:"Privileged Access Manager"

2 results (0.002 seconds)

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-54840

https://notcve.org/view.php?id=CVE-2024-54840

03 Feb 2025 — PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection. • https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-4.htm#Securitybugfixes • CWE-348: Use of Less Trusted Source •

CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-57967

https://notcve.org/view.php?id=CVE-2024-57967

03 Feb 2025 — PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping. • https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-4.htm#Securitybugfixes • CWE-266: Incorrect Privilege Assignment •