exploitDog

CVE-2020-25738

Опубликовано: 27 нояб. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 1.9

EPSS Низкий

Описание

CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.

Ссылки

https://gist.github.com/inc0d3/47294c1e73ef8cbdc098e739d086efbc
Exploit
Third Party Advisory
https://www.cyberark.com/resources/blog/introducing-cyberark-endpoint-privilege-manager
Vendor Advisory
https://gist.github.com/inc0d3/47294c1e73ef8cbdc098e739d086efbc
Exploit
Third Party Advisory
https://www.cyberark.com/resources/blog/introducing-cyberark-endpoint-privilege-manager
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cyberark:endpoint_privilege_manager:11.1.0.173:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.0006

Низкий

5.5 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-427

Связанные уязвимости

GHSA-5pc6-9cmx-jhrg

github

больше 3 лет назад

CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.

EPSS

Процентиль: 19%

0.0006

Низкий

5.5 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-427