Skip to main content
CVE-2018-9843 CRITICAL POC THREAT Act Now

The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp Deserialization RCE Password Vault
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
17.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy