CVE-2024-54840

Published: Feb 3, 2025

Modified: Feb 19, 2025

PUBLISHED

CVSS v3.1

4.2

MEDIUM

Description

PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.

Vendor	Product	Versions
CyberArk	Privileged Access Manager	affected `0 - < 14.4`

Weaknesses (CWE)

CWE-348

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-4.htm#Securitybugfixes

https://gist.github.com/Hurdano/8244855ef8ec364fd98a2693de6e30c5

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-54840

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References