PT-2020-16071 · Cyberark · Cyberark Privileged Session Manager

Published: 2020-10-28 · Updated: 2020-12-02 · CVE-2020-25374

CVSS v3.1: 2.6 (Low)

Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

CyberArk Privileged Session Manager (PSM) version 10.9.0.15

Description

The issue allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time.

Recommendations

For version 10.9.0.15, consider implementing a workaround to restrict access to error messages or limit the information disclosed in error popup messages until a fix is available.

Weakness Enumeration

Insufficient Session Expiration

Related Identifiers

CVE-2020-25374

Affected Products

Cyberark Privileged Session Manager