Hashicorp CVE-2024-57967
MEDIUMCVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionNVD
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping.
AnalysisAI
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-266. PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping. Version information: before 14.4.
Affected ProductsAI
See vendor advisory for affected versions.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More from same product – last 7 days
Cross-Site Request Forgery in the Two-factor Authentication (formerly IP Vault) WordPress plugin versions up to and incl
Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged
Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated
Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write acce
Share
External POC / Exploit Code
Leaving vuln.today