
CVE-2024-54840
https://notcve.org/view.php?id=CVE-2024-54840
03 Feb 2025 — PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection. • https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-4.htm#Securitybugfixes • CWE-348: Use of Less Trusted Source

CVE-2024-57967
https://notcve.org/view.php?id=CVE-2024-57967
03 Feb 2025 — PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping. • https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-4.htm#Securitybugfixes • CWE-266: Incorrect Privilege Assignment

CVE-2019-7392 – CA Privileged Access Manager Information Disclosure / Modification
https://notcve.org/view.php?id=CVE-2019-7392
13 Feb 2019 — An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration. CA Technologies Support is alerting customers to a potential risk with CA Privileged Access Manag... • http://www.securityfocus.com/bid/107040 • CWE-287: Improper Authentication

CVE-2018-9025 – CA Privileged Access Manager 2.x Code Execution
https://notcve.org/view.php?id=CVE-2018-9025
15 Jun 2018 — An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input. CA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabilities exist that can allow a remote a... • http://www.securityfocus.com/bid/104496 • CWE-20: Improper Input Validation

CVE-2018-9022 – Broadcom CA Privileged Access Manager 2.8.2 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2018-9022
15 Jun 2018 — An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file. CA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. ... • https://packetstorm.news/files/id/155576 • CWE-269: Improper Privilege Management

CVE-2018-9021 – Broadcom CA Privileged Access Manager 2.8.2 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2018-9021
15 Jun 2018 — An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. CA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabi... • https://packetstorm.news/files/id/155576 • CWE-269: Improper Privilege Management

CVE-2018-9029 – CA Privileged Access Manager 2.x Code Execution
https://notcve.org/view.php?id=CVE-2018-9029
15 Jun 2018 — An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. CA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabilities exist that can allow a remote attacker to conduct a variety of att... • http://www.securityfocus.com/bid/104496 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2018-9023 – CA Privileged Access Manager 2.x Code Execution
https://notcve.org/view.php?id=CVE-2018-9023
15 Jun 2018 — An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary commands by passing specially crafted arguments to the update_crld script. CA Technologies Support is alerting customers to multiple potential risks with CA Privi... • http://www.securityfocus.com/bid/104496 • CWE-20: Improper Input Validation

CVE-2018-9028 – CA Privileged Access Manager 2.x Code Execution
https://notcve.org/view.php?id=CVE-2018-9028
15 Jun 2018 — Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. CA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabilities exist that can allow a remote attacker to conduct a variety of attacks. These risks include seven vulner... • http://www.securityfocus.com/bid/104496 • CWE-326: Inadequate Encryption Strength

CVE-2018-9026 – CA Privileged Access Manager 2.x Code Execution
https://notcve.org/view.php?id=CVE-2018-9026
15 Jun 2018 — A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions with a specially crafted request. CA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabilities exist that can allow a re... • http://www.securityfocus.com/bid/104496 • CWE-384: Session Fixation