Skip to main content

Endpoint Privilege Manager

6 CVEs product

Monthly

CVE-2026-2914 HIGH This Week

Unauthorized privilege escalation in CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and earlier allows local authenticated users to elevate privileges by exploiting flaws in the elevation dialog mechanism. An attacker with local access and valid credentials could bypass privilege controls to gain elevated system access. No patch is currently available for this high-severity vulnerability (CVSS 7.8).

Privilege Escalation Endpoint Privilege Manager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-66374 HIGH This Week

Endpoint Privilege Manager versions up to 25.10.0 is affected by improper privilege management (CVSS 7.8).

Privilege Escalation Endpoint Privilege Manager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2020-25738 MEDIUM POC This Month

CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Endpoint Privilege Manager
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2019-9627 HIGH This Week

A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Memory Corruption Endpoint Privilege Manager
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2018-13052 CRITICAL Act Now

In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Privilege Manager
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-12903 MEDIUM POC This Month

In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Endpoint Privilege Manager
NVD
CVSS 3.0
5.4
EPSS
0.6%
EPSS 0% CVSS 7.8
HIGH This Week

Unauthorized privilege escalation in CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and earlier allows local authenticated users to elevate privileges by exploiting flaws in the elevation dialog mechanism. An attacker with local access and valid credentials could bypass privilege controls to gain elevated system access. No patch is currently available for this high-severity vulnerability (CVSS 7.8).

Privilege Escalation Endpoint Privilege Manager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Endpoint Privilege Manager versions up to 25.10.0 is affected by improper privilege management (CVSS 7.8).

Privilege Escalation Endpoint Privilege Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Endpoint Privilege Manager
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Memory Corruption Endpoint Privilege Manager
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In CyberArk Endpoint Privilege Manager (formerly Viewfinity), Privilege Escalation is possible if the attacker has one process that executes as Admin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Endpoint Privilege Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Endpoint Privilege Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy