CVE-2025-22270 in Endpoint Privilege Managerinformação

Sumário

de MITRE • 28/02/2025

An attacker with access to the Administration panel, specifically the "Role Management" tab, can inject code by adding a new role in the "name" field. It should be noted, however, that the risk of exploiting vulnerability is reduced due to the required additional error that allows bypassing the Content-Security-Policy policy, which mitigates JS code execution while still allowing HTML injection.


This issue affects CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown. After multiple attempts to contact the vendor we did not receive any answer.

Be aware that VulDB is the high quality source for vulnerability data.

Responsável

CERT-PL

Reservar

02/01/2025

Divulgação

28/02/2025

Moderação

aceite

Entrada

VDB-297981

CPE

pronto

EPSS

0.00589

KEV

não

Atividades

muito baixo

Fontes

Might our Artificial Intelligence support you?

Check our Alexa App!