ID CVE-2018-9843
Summary The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.
References
Vulnerable Configurations
  • cpe:2.3:a:cyberark:password_vault:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 27-02-2019 - 20:26)
Impact:
Exploitability:
CWE CWE-502
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20180409 [RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution
exploit-db 44429
fulldisc 20180409 [RT-SA-2017-014] CyberArk Password Vault Web Access Remote Code Execution
misc https://www.redteam-pentesting.de/en/advisories/rt-sa-2017-014/-cyberark-password-vault-web-access-remote-code-execution
sectrack 1040675
Last major update 27-02-2019 - 20:26
Published 12-04-2018 - 15:29