CVE-2024-54840

Name of the Vulnerable Software and Affected Versions CyberArk Privileged Access Manager Self-Hosted versions prior to 14.4

Description The issue arises from inadequate handling of environment problems that can lead to Host header injection. This can potentially allow attackers to manipulate the Host header, which could lead to security issues. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For versions prior to 14.4, update to version 14.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the PVWA (Password Vault Web Access) to minimize the risk of exploitation. Avoid using the Host header in sensitive operations until the issue is resolved.