Skip to main content

Enterprise Password Vault

1 CVEs product

Monthly

CVE-2019-7442 CRITICAL POC THREAT Act Now

An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Hashicorp Enterprise Password Vault
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
40.0%
EPSS 40% CVSS 9.8
CRITICAL POC THREAT Act Now

An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Hashicorp Enterprise Password Vault
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy