CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14981
https://notcve.org/view.php?id=CVE-2020-14981
The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation. La aplicación ThreatTrack VIPRE Password Vault versiones hasta 1.100.1090 para iOS, presenta una Falta de Comprobación del Certificado SSL • http://packetstormsecurity.com/files/158323/VIPRE-Password-Vault-1.100.1090-Man-In-The-Middle.html https://www.info-sec.ca/advisories/Vipre-Password-Vault.html • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 71%CPEs: 2EXPL: 4CVE-2018-9843 – CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-9843
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. La API REST en CyberArk Password Vault Web Access, en versiones anteriores a la 9.9.5 y en versiones 10.x anteriores a la 10.1, permite que atacantes remotos ejecuten código arbitrario mediante un objeto .NET serializado en una cabecera Authorization HTTP. The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. Versions prior to 9.9.5, prior to 10.1, and 10.1 are affected. • https://www.exploit-db.com/exploits/44429 http://seclists.org/fulldisclosure/2018/Apr/18 http://www.securityfocus.com/archive/1/541932/100/0/threaded http://www.securitytracker.com/id/1040675 https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-014/-cyberark-password-vault-web-access-remote-code-execution • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 9%CPEs: 1EXPL: 5CVE-2018-9842 – CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure
https://notcve.org/view.php?id=CVE-2018-9842
CyberArk Password Vault before 9.7 allows remote attackers to obtain sensitive information from process memory by replaying a logon message. CyberArk Password Vault, en versiones anteriores a la 9.7, permite que atacantes remotos obtengan información sensible de la memoria del proceso mediante la repetición de un mensaje logon. CyberArk Password Vault versions prior to 9.7 and 10 suffer from a memory disclosure vulnerability. • https://www.exploit-db.com/exploits/44428 https://www.exploit-db.com/exploits/44829 https://www.exploit-db.com/exploits/45926 http://seclists.org/fulldisclosure/2018/Apr/19 http://www.securityfocus.com/archive/1/541931/100/0/threaded http://www.securitytracker.com/id/1040674 https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-015/-cyberark-password-vault-memory-disclosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •