exploitDog

GHSA-897c-mv4m-8fjj

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.

The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.

Ссылки

EPSS

Процентиль: 96%

0.23987

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-502

Связанные уязвимости

CVE-2018-9843

CVSS3: 9.8

nvd

почти 8 лет назад

The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.

EPSS

Процентиль: 96%

0.23987

Средний

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-502