GCVE - cpe:2.3:a:cyberark:identity:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:cyberark:identity:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Cyberark (`9c54839f-9986-5c3d-9a93-34ddd2d9eb95`)
Product	Identity (`9c292e01-eeab-5118-8e2d-b4c34a2cb159`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-42340`	vulnerable	2026-06-03 14:56:36.135200	CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security HIGH (8.3) CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security Published: 2024-08-25T07:12:05.219Z Updated: 2024-08-26T19:18:05.719Z Open on db.gcve.eu Reference links https://www.gov.il/en/Departments/faq/cve_advisories	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-42339`	vulnerable	2026-06-03 14:56:36.134868	CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor MEDIUM (4.3) CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor Published: 2024-08-25T07:08:37.856Z Updated: 2024-08-28T16:01:09.988Z Open on db.gcve.eu Reference links https://www.gov.il/en/Departments/faq/cve_advisories	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-42338`	vulnerable	2026-06-03 14:56:36.134504	CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor MEDIUM (4.3) CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor Published: 2024-08-25T07:07:59.731Z Updated: 2024-08-26T15:24:55.654Z Open on db.gcve.eu Reference links https://www.gov.il/en/Departments/faq/cve_advisories	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-42337`	vulnerable	2026-06-03 14:56:36.134023	CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor MEDIUM (4.3) CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor Published: 2024-08-25T07:03:24.805Z Updated: 2024-08-28T14:17:41.642Z Open on db.gcve.eu Reference links https://www.gov.il/en/Departments/faq/cve_advisories	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-22700`	vulnerable	2026-06-03 14:46:25.126003	Details available CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant. Published: 2022-03-03T18:20:21.000Z Updated: 2024-08-03T03:21:49.056Z Open on db.gcve.eu Reference links https://fluidattacks.com/advisories/porter/ https://docs.cyberark.com/Product-Doc/OnlineHelp/Idaptive/Latest/en/Content/ReleaseNotes/ReleaseNotes-Latest.htm	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-37151`	vulnerable	2026-06-03 14:44:59.966202	Details available CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one (aka Username Enumeration). Response differentiation enables attackers to enumerate usernames of valid application users. Attackers can use this information to leverage brute-force and dictionary attacks in order to discover valid account information such as passwords. Published: 2021-09-01T12:35:08.000Z Updated: 2024-08-04T01:16:02.865Z Open on db.gcve.eu Reference links https://www.cyberark.com/products/ https://www.gov.il/en/departments/faq/cve_advisories	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.