Home / os / winmobile

CyberArk Password Vault Web Access Remote Code Execution

Posted on 09 April 2018

The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. Versions prior to 9.9.5, prior to 10.1, and 10.1 are affected.

 

TOP