Vulnerabilities in CyberArk
20 results

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2025-49828 | HIGH | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Remote Code Execution | 2.0% |
| CVE-2020-4062 | HIGH | Improper Access Control in Conjur OSS Helm Chart | 1.4% |
| CVE-2025-49827 | CRITICAL | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator | 1.4% |
| CVE-2025-49831 | CRITICAL | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device | 1.2% |
| CVE-2021-37151 | — | CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain aut | 0.8% |
| CVE-2025-22270 | HIGH | Stored XSS in CyberArk Endpoint Privilege Manager | 0.6% |
| CVE-2025-22273 | CRITICAL | Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager | 0.6% |
| CVE-2025-49830 | HIGH | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to path traversal and file disclosure | 0.5% |
| CVE-2025-22274 | LOW | HTML injection in CyberArk Endpoint Privilege Manager | 0.4% |
| CVE-2025-22272 | LOW | Self Reflected XSS in CyberArk Endpoint Privilege Manager | 0.4% |
| CVE-2025-22271 | MEDIUM | IP Spoofing in CyberArk Endpoint Privilege Manager | 0.4% |
| CVE-2025-49829 | MEDIUM | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) missing validations | 0.4% |
| CVE-2024-42340 | HIGH | CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | 0.3% |
| CVE-2024-42337 | MEDIUM | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 0.3% |
| CVE-2024-42338 | MEDIUM | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 0.3% |
| CVE-2024-42339 | MEDIUM | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 0.3% |
| CVE-2025-46382 | MEDIUM | CWE-200 Exposure of Sensitive Information to an Unauthorized Actor | 0.3% |
| CVE-2024-57967 | MEDIUM | PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP m | 0.2% |
| CVE-2024-54840 | MEDIUM | PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues | 0.1% |
| CVE-2025-13762 | MEDIUM | Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305 | 0.1% |