CVE-2017-11197 – CyberArk Viewfinity 5.5.10.95 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-11197
In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option. • https://www.exploit-db.com/exploits/42319 http://lp.cyberark.com/rs/316-CZP-275/images/ds-Viewfinity-102315-web.pdf •
CVE-2022-22700
https://notcve.org/view.php?id=CVE-2022-22700
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant. CyberArk Identity versiones hasta la 22.1 incluyéndola, en el recurso "StartAuthentication", exponen el encabezado de respuesta "X-CFY-TX-TM". En determinadas configuraciones, ese encabezado de respuesta contiene diferentes rangos de valores predecibles que pueden ser usados para determinar si un usuario se presenta en el tenant • https://docs.cyberark.com/Product-Doc/OnlineHelp/Idaptive/Latest/en/Content/ReleaseNotes/ReleaseNotes-Latest.htm https://fluidattacks.com/advisories/porter • CWE-330: Use of Insufficiently Random Values •
CVE-2021-44049
https://notcve.org/view.php?id=CVE-2021-44049
CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory. CyberArk Endpoint Privilege Manager (EPM) versiones hasta 11.5.3.328 anteriores a 20-12-2021, permite a un usuario local alcanzar privilegios elevados por medio de un troyano Procmon64.exe en el directorio Temp del usuario • https://docs.cyberark.com/Product-Doc/OnlineHelp/EPM-onprem/Latest/en/Content/Release%20Notes/RN-WhatsNew.htm https://hencohen10.medium.com/cyberark-endpoint-manager-local-privilege-escalation-cve-2021-44049-67cd5e62c3d2 https://www.cyberark.com/ca21-34 https://www.cyberark.com/product-security • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2021-31796
https://notcve.org/view.php?id=CVE-2021-31796
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36. Una vulnerabilidad de cifrado inadecuado detectada en CyberArk Credential Provider versiones anteriores a 12.1, puede conllevar a una Divulgación de Información. Un atacante puede tener, de forma realista, suficiente información como para que el número de claves posibles (para un archivo de credenciales) sea sólo uno, y el número no suele ser superior a 2^36 • http://packetstormsecurity.com/files/164023/CyberArk-Credential-File-Insufficient-Effective-Key-Space.html http://seclists.org/fulldisclosure/2021/Sep/1 https://korelogic.com/Resources/Advisories/KL-001-2021-008.txt https://www.cyberark.com/resources/blog • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2021-31798
https://notcve.org/view.php?id=CVE-2021-31798
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files. El espacio de claves efectivo usado para cifrar la caché en CyberArk Credential Provider versiones anteriores a 12.1, presenta una entropía baja, y en determinadas condiciones un usuario local malicioso puede obtener el texto plano de los archivos de la caché • http://packetstormsecurity.com/files/164035/CyberArk-Credential-Provider-Local-Cache-Decryption.html http://seclists.org/fulldisclosure/2021/Sep/3 https://korelogic.com/Resources/Advisories/KL-001-2021-010.txt https://www.cyberark.com/resources/blog • CWE-331: Insufficient Entropy •