PT-2018-19067 · Cyberark · Cyberark Password Vault Web Access

Published

2018-04-12

Updated

2019-02-27

CVE-2018-9843

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CyberArk Password Vault Web Access versions prior to 9.9.5 CyberArk Password Vault Web Access versions 10.x prior to 10.1

Description The issue allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header. This is related to the REST API in CyberArk Password Vault Web Access.

Recommendations For versions prior to 9.9.5, update to version 9.9.5 or later. For versions 10.x prior to 10.1, update to version 10.1 or later.

Exploit

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2018-9843

Affected Products

Cyberark Password Vault Web Access

PT-2018-19067 · Cyberark · Cyberark Password Vault Web Access

CVE-2018-9843

Weakness Enumeration

Related Identifiers

Affected Products

References · 7