Privileged Access Manager
CVE-2018-9029
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks.
AnalysisAI
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks. Affected products include: Broadcom Privileged Access Manager.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Privileged Access Manager
View allAn authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to exec
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to exec
An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a re
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary com
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. R
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions wit
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with s
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today