CVE-2018-9843

Published: 12/04/2018 Updated: 27/02/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The REST API in CyberArk Password Vault Web Access prior to 9.9.5 and 10.x prior to 10.1 allows remote malicious users to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.

Vulnerable Product

cyberark password vault

Exploits

Advisory: CyberArk Password Vault Web Access Remote Code Execution. The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. Details ======= Product: CyberArk Password ...
The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. Versions prior to 9.9.5, prior to 10.1, and 10.1 are affected ...