CVE-2019-7442

Published: 08/05/2019 Updated: 10/05/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote malicious users to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.

Vulnerable Product

cyberark enterprise password vault

Exploits

# Exploit Title: CyberArk XML External Entity (XXE) Injection in SAML authentication
# Date: 10/05/2019
# Exploit Author: Marcelo Toran (@spamv)
# Vendor Homepage: www.cyberark.com
# Version: <=10.7
# CVE : CVE-2019-7442

-----------Product description
The CyberArk Enterprise Password Vault is a privileged access security solution to st ...

CyberArk Enterprise Password Vault versions 10.7 and below suffer from an XML external entity injection vulnerability ...