Vulnerability Description
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cyberark | Enterprise Password Vault | <= 10.7 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/152801/CyberArk-Enterprise-Password-Vault-1
- https://www.octority.com/2019/05/07/cyberark-enterprise-password-vault-xml-exterExploitThird Party Advisory
- http://packetstormsecurity.com/files/152801/CyberArk-Enterprise-Password-Vault-1
- https://www.octority.com/2019/05/07/cyberark-enterprise-password-vault-xml-exterExploitThird Party Advisory
FAQ
What is CVE-2019-7442?
CVE-2019-7442 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass au...
How severe is CVE-2019-7442?
CVE-2019-7442 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-7442?
Check the references section above for vendor advisories and patch information. Affected products include: Cyberark Enterprise Password Vault.