CVE-2025-22270 in Endpoint Privilege Managerالمعلومات

الملخص

بحسب MITRE • 28/02/2025

An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the required additional error that allows bypassing the Content-Security-Policy policy, which mitigates JS code execution while still allowing HTML injection.


This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.

Be aware that VulDB is the high quality source for vulnerability data.

مسؤول

CERT-PL

حجز

02/01/2025

إفشاء

28/02/2025

الاعتدال

تمت الموافقة

إدخال

VDB-297981

EPSS

0.00589

KEV

لا

النشاطات

منخفض جدًا

المصادر

Want to know what is going to be exploited?

We predict KEV entries!