CVE-2011-0459
Published Oct 5, 2011
Last updated 13 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- Source
- vultures@jpcert.or.jp
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cyber-ark:password_vault_web_access:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A6C6B4CC-E750-46AE-9F0F-C738F39A94D5",
"versionEndIncluding": "5.0"
},
{
"criteria": "cpe:2.3:a:cyber-ark:password_vault_web_access:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8A78634-B542-44FE-971C-56E5D9AAA1ED"
},
{
"criteria": "cpe:2.3:a:cyber-ark:password_vault_web_access:5.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C612D3A4-B70A-43E8-A07A-7AD444AFC526"
},
{
"criteria": "cpe:2.3:a:cyber-ark:password_vault_web_access:5.5:patch4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D093FF5E-D6B9-4375-9E37-D057FFEC2ACF"
},
{
"criteria": "cpe:2.3:a:cyber-ark:password_vault_web_access:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "763DB6B5-3A79-4C93-B1FE-2F21F6B8BE9A"
},
{
"criteria": "cpe:2.3:a:cyber-ark:password_vault_web_access:6.0:patch2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5FA8BFD3-C71E-443D-A819-A994C6DB64A3"
}
],
"operator": "OR"
}
]
}
]