An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCyberark Enterprise Password Vault
APPCyberark≤ 10.7
Related vulnerabilities
CyberArk Conjur – pominięcie uwierzytelnienia przez przekierowanie ruchu (Auth Bypass)
CyberArk Conjur — bypass uwierzytelniania IAM przez błędne wyrażenie regularne
In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker...
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers t...
CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege el...