CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14981 – VIPRE Password Vault 1.100.1090 Man-In-The-Middle
https://notcve.org/view.php?id=CVE-2020-14981
22 Jun 2020 — The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation. La aplicación ThreatTrack VIPRE Password Vault versiones hasta 1.100.1090 para iOS, presenta una Falta de Comprobación del Certificado SSL VIPRE Password Vault iOS application versions 1.100.1090 and below suffer from a man-in-the-middle vulnerability due to a lack of validation of SSL certificates. • http://packetstormsecurity.com/files/158323/VIPRE-Password-Vault-1.100.1090-Man-In-The-Middle.html • CWE-295: Improper Certificate Validation •
CVSS: 5.3EPSS: 28%CPEs: 1EXPL: 7CVE-2018-9842 – CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure
https://notcve.org/view.php?id=CVE-2018-9842
09 Apr 2018 — CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message. CyberArk Password Vault, en versiones anteriores a la 9.7, permite que atacantes remotos obtengan información sensible de la memoria del proceso mediante la repetición de un mensaje logon. CyberArk Password Vault versions prior to 9.7 and 10 suffer from a memory disclosure vulnerability. • https://packetstorm.news/files/id/148034 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 56%CPEs: 2EXPL: 5CVE-2018-9843 – CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-9843
09 Apr 2018 — The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. La API REST en CyberArk Password Vault Web Access, en versiones anteriores a la 9.9.5 y en versiones 10.x anteriores a la 10.1, permite que atacantes remotos ejecuten código arbitrario mediante un objeto .NET serializado en una cabecera Authorization HTTP. The CyberArk Password Vault Web Access application uses au... • https://packetstorm.news/files/id/147105 • CWE-502: Deserialization of Untrusted Data •