cyberark — Vulnerabilities & Security Advisories (20)

Browse all 20 CVE security advisories affecting cyberark. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CyberArk provides privileged access management solutions designed to secure, control, and monitor access to critical IT infrastructure. The software’s architecture, which manages sensitive credentials and session recordings, makes it a high-value target for attackers seeking to escalate privileges or exfiltrate data. Historical vulnerability assessments reveal a pattern of critical flaws, including remote code execution and privilege escalation bugs, with approximately twenty CVEs currently on record. These defects often stem from complex integration points or improper input validation within the central vault components. While the company maintains robust security practices, past incidents highlight the risks associated with centralized credential repositories. The presence of multiple high-severity vulnerabilities underscores the importance of rigorous patch management and continuous monitoring for organizations relying on its platform to protect enterprise secrets and maintain operational integrity against sophisticated threat actors.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-13762 | Client-Side Denial of Service Condition in SWS Extension prior to version 2.2.30305 | CyberArk Secure Web Sessions Extension | CWE-20 | 7.5 | - | 2025-11-27 |
| CVE-2025-46382 | CyberArk IDP information disclosure vulnerability | IDP | CWE-200 | 5.3 | Medium | 2025-07-20 |
| CVE-2025-49831 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to IAM Authenticator Bypass via Mis-configured Network Device | conjur | CWE-287 | 9.3 (AI) | Critical (AI) | 2025-07-15 |
| CVE-2025-49830 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) vulnerable to path traversal and file disclosure | conjur | CWE-22 | 4.3 (AI) | Medium (AI) | 2025-07-15 |
| CVE-2025-49829 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) missing validations | conjur | CWE-862 | 8.1 (AI) | High (AI) | 2025-07-15 |
| CVE-2025-49828 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Remote Code Execution | conjur | CWE-1336 | 8.8 (AI) | High (AI) | 2025-07-15 |
| CVE-2025-49827 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator | conjur | CWE-807 | 8.2 (AI) | High (AI) | 2025-07-15 |
| CVE-2025-22274 | HTML injection in CyberArk Endpoint Privilege Manager | Endpoint Privilege Manager | CWE-80 | 5.4 | - | 2025-02-28 |
| CVE-2025-22273 | Lack of rate-limiting in password change mechanism in CyberArk Endpoint Privilege Manager | Endpoint Privilege Manager | CWE-770 | 9.8 | - | 2025-02-28 |
| CVE-2025-22272 | Self Reflected XSS in CyberArk Endpoint Privilege Manager | Endpoint Privilege Manager | CWE-79 | 8.2 | - | 2025-02-28 |
| CVE-2025-22271 | IP Spoofing in CyberArk Endpoint Privilege Manager | Endpoint Privilege Manager | CWE-290 | 7.5 | - | 2025-02-28 |
| CVE-2025-22270 | Stored XSS in CyberArk Endpoint Privilege Manager | Endpoint Privilege Manager | CWE-79 | 4.8 | - | 2025-02-28 |
| CVE-2024-57967 | CyberArk Privileged Access Manager Self-Hosted security vulnerability | Privileged Access Manager | CWE-266 | 4.2 | Medium | 2025-02-03 |
| CVE-2024-54840 | CyberArk Privileged Access Manager Self-Hosted security vulnerability | Privileged Access Manager | CWE-348 | 4.2 | Medium | 2025-02-03 |
| CVE-2024-42340 | CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | CyberArk Identity Management | CWE-602 | 8.3 | High | 2024-08-25 |
| CVE-2024-42339 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | CyberArk Identity Management | CWE-200 | 4.3 | Medium | 2024-08-25 |
| CVE-2024-42338 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | CyberArk Identity Management | CWE-200 | 4.3 | Medium | 2024-08-25 |
| CVE-2024-42337 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | CyberArk Identity Management | CWE-200 | 4.3 | Medium | 2024-08-25 |
| CVE-2021-37151 | CyberArk Identity authorization issue vulnerability | Identity | | 5.3 | - | 2021-09-01 |
| CVE-2020-4062 | Improper Access Control in Conjur OSS Helm Chart | Conjur OSS Helm Chart | CWE-284 | 8.7 | High | 2020-06-22 |

This page lists every published CVE security advisory associated with cyberark. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.