Skip to main content

Identity

7 CVEs product

Monthly

CVE-2024-42340 MEDIUM This Month

CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Identity
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-42339 MEDIUM This Month

CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Identity
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-42338 MEDIUM This Month

CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Identity
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-42337 MEDIUM This Month

CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Identity
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2022-22700 MEDIUM POC This Month

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Identity
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-37151 MEDIUM This Month

CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2014-7366 MEDIUM This Month

The Identity (aka com.magzter.identity) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Identity
NVD
CVSS 2.0
5.4
EPSS
0.1%
EPSS 0% CVSS 4.3
MEDIUM This Month

CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Identity
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Identity
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Identity
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Identity
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Identity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Identity
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The Identity (aka com.magzter.identity) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.4). No vendor patch available.

Google Information Disclosure Identity
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy