CVE-2018-12903 in Endpoint Privilege Managerinfo

Summary

In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen, a user's groups in ConfigurationPage, the Dialog Title field, and App Group Name in the Application Group Wizard.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

06/26/2018

Disclosure

06/26/2018

Moderation

VulDB entry created

Entries

VDB-120003 (1)

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

4.4

EPSS

0.00281

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-12903
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-12903
CVE Details	https://www.cvedetails.com/cve/CVE-2018-12903/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!