CVE-2019-7442 – CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection
https://notcve.org/view.php?id=CVE-2019-7442
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system. Una vulnerabilidad de entidad externa XML (XXE) en el Password Vault Web Access (PVWA) de CyberArk Enterprise Password Vault, versiones anteriores e incluyendo a 10.7, permite a los atacantes remotos leer archivos arbitrarios o potencialmente pasar por alto la autenticación a través de una DTD creada en el sistema de autenticación SAML. CyberArk Enterprise Password Vault versions 10.7 and below suffer from an XML external entity injection vulnerability. • https://www.exploit-db.com/exploits/46828 http://packetstormsecurity.com/files/152801/CyberArk-Enterprise-Password-Vault-10.7-XML-External-Entity-Injection.html https://www.octority.com/2019/05/07/cyberark-enterprise-password-vault-xml-external-entity-xxe-injection • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2018-9843 – CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-9843
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. La API REST en CyberArk Password Vault Web Access, en versiones anteriores a la 9.9.5 y en versiones 10.x anteriores a la 10.1, permite que atacantes remotos ejecuten código arbitrario mediante un objeto .NET serializado en una cabecera Authorization HTTP. The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. Versions prior to 9.9.5, prior to 10.1, and 10.1 are affected. • https://www.exploit-db.com/exploits/44429 http://seclists.org/fulldisclosure/2018/Apr/18 http://www.securityfocus.com/archive/1/541932/100/0/threaded http://www.securitytracker.com/id/1040675 https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-014/-cyberark-password-vault-web-access-remote-code-execution • CWE-502: Deserialization of Untrusted Data •
CVE-2018-9842 – CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure
https://notcve.org/view.php?id=CVE-2018-9842
CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message. CyberArk Password Vault, en versiones anteriores a la 9.7, permite que atacantes remotos obtengan información sensible de la memoria del proceso mediante la repetición de un mensaje logon. CyberArk Password Vault versions prior to 9.7 and 10 suffer from a memory disclosure vulnerability. • https://www.exploit-db.com/exploits/44428 https://www.exploit-db.com/exploits/44829 https://www.exploit-db.com/exploits/45926 http://seclists.org/fulldisclosure/2018/Apr/19 http://www.securityfocus.com/archive/1/541931/100/0/threaded http://www.securitytracker.com/id/1040674 https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-015/-cyberark-password-vault-memory-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •