Description
CyberArk Identity versions up to and including 22.1 expose the response header 'X-CFY-TX-TM' in the 'StartAuthentication' resource. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant.
References
- Release Notes (Vendor Advisory)
- Exploit (Third Party Advisory)
Vulnerable configurations
Configuration 1: versions up to and including 22.1
cpe:2.3:a:cyberark:identity:*:*:*:*:*:*:*:*
EPSS: 0.00256 (percentile 49%), Low
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
CWE-330
Related vulnerabilities
- CVSS3: 5.3, source: github, almost 4 years ago