Pam Self Hosted Privilege Cloud
Monthly
Authenticated command injection in CyberArk Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6 allows low-privileged users to execute arbitrary OS commands on the PSMP host. Because PSMP brokers privileged SSH sessions to downstream targets, code execution on this host can pivot an attacker from a constrained PAM user into the operator of the privileged-access tier. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 4.0 base score of 8.7 reflects high confidentiality and integrity impact on the vulnerable system.
Authenticated command injection in CyberArk Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6 allows low-privileged users to execute arbitrary OS commands on the PSMP host. Because PSMP brokers privileged SSH sessions to downstream targets, code execution on this host can pivot an attacker from a constrained PAM user into the operator of the privileged-access tier. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the CVSS 4.0 base score of 8.7 reflects high confidentiality and integrity impact on the vulnerable system.