Description
Idira Privileged Access Manager (PAM) Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulting in a localized denial of service (DoS). CyberArk Security Bulletin: CA26-17
CVSS breakdown
CVSS 4.0
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: None
- Confidentiality (Vulnerable System): None
- Integrity (Vulnerable System): None
- Availability (Vulnerable System): High
- Confidentiality (Subsequent System): None
- Integrity (Subsequent System): None
- Availability (Subsequent System): Low
- U: Amber
Affected products
- CyberArk Software, a Palo Alto Networks Company / PAM SH Vault 14.0 – 14.0.8
- CyberArk Software, a Palo Alto Networks Company / PAM SH Vault 14.2 – 14.2.7
- CyberArk Software, a Palo Alto Networks Company / PAM SH Vault 14.6 – 14.6.5
- CyberArk Software, a Palo Alto Networks Company / PAM SH Vault 15.0 – 15.0.3
References
- MISC: https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew15-0-vault.htm#15.0.3
- MISC: https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-6-vault.htm#14.6.5
- MISC: https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-2-7.htm
- MISC: https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-0-8.htm