CVE-2011-0459

Published Oct 5, 2011

Last updated 13 years ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cyber-ark:password_vault_web_access:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6C6B4CC-E750-46AE-9F0F-C738F39A94D5",
            "versionEndIncluding": "5.0"
          },
          {
            "criteria": "cpe:2.3:a:cyber-ark:password_vault_web_access:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8A78634-B542-44FE-971C-56E5D9AAA1ED"
          },
          {
            "criteria": "cpe:2.3:a:cyber-ark:password_vault_web_access:5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C612D3A4-B70A-43E8-A07A-7AD444AFC526"
          },
          {
            "criteria": "cpe:2.3:a:cyber-ark:password_vault_web_access:5.5:patch4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D093FF5E-D6B9-4375-9E37-D057FFEC2ACF"
          },
          {
            "criteria": "cpe:2.3:a:cyber-ark:password_vault_web_access:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "763DB6B5-3A79-4C93-B1FE-2F21F6B8BE9A"
          },
          {
            "criteria": "cpe:2.3:a:cyber-ark:password_vault_web_access:6.0:patch2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FA8BFD3-C71E-443D-A819-A994C6DB64A3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References