CVE-2020-25374 - CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames

CVE-2020-25374

Summary

CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.

References

https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PAS%20SysReq/System%20Requirements%20-%20PSM.htm
https://medium.com/@virajmota38/full-path-disclosure-8a9358e5a867

Vulnerable Configurations

cpe:2.3:a:cyberark:privileged_session_manager:10.9.0.15:*:*:*:*:*:*:*
cpe:2.3:a:cyberark:privileged_session_manager:10.9.0.15:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 02-12-2020 - 18:34)
Impact:
Exploitability:

CWE

CWE-613

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:H/Au:S/C:P/I:N/A:N

refmap via4

misc

https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PAS%20SysReq/System%20Requirements%20-%20PSM.htm
https://medium.com/@virajmota38/full-path-disclosure-8a9358e5a867

Last major update

02-12-2020 - 18:34

Published

28-10-2020 - 20:15

Last modified

02-12-2020 - 18:34