cyberark endpoint privilege manager vulnerabilities and exploits
7.5
CVSSv2
CVE-2018-13052
In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin.
Cyberark Endpoint Privilege Manager -
6.9
CVSSv2
CVE-2019-9627
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions before 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.
Cyberark Endpoint Privilege Manager
4.6
CVSSv2
CVE-2018-14894
CyberArk Endpoint Privilege Manager 10.2.1.603 and previous versions allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications.
Cyberark Endpoint Privilege Manager
1 EDB exploit
6.9
CVSSv2
CVE-2021-44049
CyberArk Endpoint Privilege Manager (EPM) up to and including 11.5.3.328 prior to 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.
Cyberark Endpoint Privilege Manager
1.9
CVSSv2
CVE-2020-25738
CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows malicious users to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.
Cyberark Endpoint Privilege Manager 11.1.0.173
3.5
CVSSv2
CVE-2018-12903
In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Gr...
Cyberark Endpoint Privilege Manager 10.2.1.603