Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-31798 | 1 Cyberark | 1 Credential Provider | 2024-11-21 | 1.9 LOW | 4.4 MEDIUM |
The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files. | |||||
CVE-2021-31797 | 1 Cyberark | 1 Credential Provider | 2024-11-21 | 1.9 LOW | 5.1 MEDIUM |
The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure. | |||||
CVE-2021-31796 | 1 Cyberark | 1 Credential Provider | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36. |