CVE-2020-25738
MEDIUM
5,5
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
LOW
1,9
Source: [email protected]
Access Vector: local
Access Complexity: medium
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none
Description
AI Translation Available
CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0006
Percentile
0,2th
Updated
EPSS Score Trend (Last 90 Days)
427
Uncontrolled Search Path Element
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
All platforms may be affected
Application
Endpoint Privilege Manager by Cyberark
CPE Identifier
View Detailed Analysis
cpe:2.3:a:cyberark:endpoint_privilege_manager:11.1.0.173:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://gist.github.com/inc0d3/47294c1e73ef8cbdc098e739d086efbc
https://www.cyberark.com/resources/blog/introducing-cyberark-endpoint-privilege…
https://gist.github.com/inc0d3/47294c1e73ef8cbdc098e739d086efbc
https://www.cyberark.com/resources/blog/introducing-cyberark-endpoint-privilege…