Privileged Access Manager
CVE-2018-9021
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.
AnalysisAI
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Privilege Management (CWE-269), which allows attackers to escalate privileges to gain unauthorized elevated access. An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests. Affected products include: Broadcom Privileged Access Manager.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply principle of least privilege, validate privilege transitions, implement proper role separation.
More in Privileged Access Manager
View allAn authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to exec
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL in
An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a re
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary com
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. R
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions wit
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with s
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today