CVE-2024-57967
MEDIUM
CyberArk Privileged Access Manager Self-Hosted <14.4 - Privilege Es...
Title source: llm
Description
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping.
References (2)
Core References
Various Sources
https://docs.cyberark.com/pam-self-hosted/latest/en/content/release%20notes/rn-whatsnew14-4.htm#Securitybugfixes
Various Sources
https://www.cyberark.com/ca24-15/
Scores
CVSS v3
4.2
EPSS
0.0021
EPSS Percentile
11.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-266
Status
published
Products (1)
CyberArk/Privileged Access Manager
< 14.4
Published
Feb 03, 2025
Tracked Since
Feb 18, 2026