Privileged Access Manager
CVE-2024-54840
MEDIUM
Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.
AnalysisAI
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-348. PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection. Affected products include: Cyberark Privileged Access Manager. Version information: before 14.4.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Privileged Access Manager
View allAn authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to exec
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to exec
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL in
An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a re
An input validation vulnerability in CA Privileged Access Manager 2.x allows unprivileged users to execute arbitrary com
Weak cryptography used for passwords in CA Privileged Access Manager 2.x reduces the complexity for password cracking. R
A session fixation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to hijack user sessions wit
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with s
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a
Same weakness CWE-348 – Use of Less Trusted Source
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today