Pam Sh Vault
Denial of service in CyberArk Privileged Access Manager (PAM) Self-Hosted Vault allows remote attackers to terminate the Vault service by sending unexpected input under specific configuration scenarios, affecting versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8. The issue was disclosed by Palo Alto Networks (which now owns CyberArk) via Security Bulletin CA26-17, with no public exploit identified at time of analysis. The CVSS 4.0 base score of 8.7 reflects the network-reachable, unauthenticated attack path against a security-critical service. The flaw is a CWE-400 resource/input handling issue that produces a localized DoS rather than code execution or data exposure.