← back
CVE-2019-7442

CVE-2019-7442

EPSS 40.0%
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/152801/CyberArk-Enterprise-Password-Vault-10.7-XML-External-Entity-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/46828unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/152801/CyberArk-Enterprise-Password-Vault-10.7-XML-External-Entity-Injection.htmlhttps://www.octority.com/2019/05/07/cyberark-enterprise-password-vault-xml-external-entity-xxe-injection/