CyberArk Endpoint Privilege Manager IP Address Spoofing Vulnerability

Vulnerability

A vulnerability in CyberArk Endpoint Privilege Manager SaaS version 24.7.1 allows IP address spoofing by manually setting values in the `X-Forwarded-For` header. Because the application records the header value as the client address, this manipulation disrupts its action logging and leads to a loss of accountability. According to the advisory, exploitation could be mitigated by an additional error that bypasses the Content-Security-Policy, which normally restricts JavaScript execution but still permits HTML injection.
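The root cause described above is an audit logger that takes whatever the client sends in `X-Forwarded-For` as the actor's address. The following added example (not CyberArk's code; it assumes a generic request object with a `remote_addr` peer address and a headers dictionary, and a constructed `TRUSTED_PROXIES` list standing in for an operator's own reverse proxies) places the vulnerable pattern beside a proxy-aware resolver that only honours the header when the TCP peer is a known proxy, walks the hops from the right, and also keeps the raw peer and header in the audit record so the forged value can still be spotted later.

```python
"""Client-IP resolution for audit logging: naive vs. proxy-aware (added example)."""
import ipaddress
from dataclasses import dataclass, field

# Assumption: the operator's own reverse proxies live in this range.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


@dataclass
class Request:
    """Minimal stand-in for a framework request object (constructed for this example)."""
    remote_addr: str                 # address of the TCP peer, cannot be forged by the client
    headers: dict = field(default_factory=dict)


def naive_client_ip(req: Request) -> str:
    """Vulnerable pattern: trusts X-Forwarded-For unconditionally, so the
    client chooses the address that ends up in the audit log."""
    xff = req.headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return req.remote_addr


def _is_trusted_proxy(ip_str: str) -> bool:
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def proxy_aware_client_ip(req: Request) -> str:
    """Hardened pattern: the header is only meaningful if the peer is one of our
    proxies; then the rightmost hop that is not a trusted proxy is the client."""
    if not _is_trusted_proxy(req.remote_addr):
        # Direct connection: nothing in X-Forwarded-For was written by us.
        return req.remote_addr
    raw = req.headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in raw.split(",") if h.strip()]
    for hop in reversed(hops):
        if _is_trusted_proxy(hop):
            continue                 # skip our own proxy hops, keep walking left
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break                    # malformed hop: do not guess past it
        return hop
    # Header empty, all hops trusted, or malformed: fall back to the peer.
    return req.remote_addr


def audit_record(req: Request, action: str) -> dict:
    """Build the audit entry. Keeping the raw peer and header alongside the
    resolved address lets an investigator detect a spoof attempt after the fact."""
    return {
        "action": action,
        "actor_ip": proxy_aware_client_ip(req),
        "peer": req.remote_addr,
        "x_forwarded_for": req.headers.get("X-Forwarded-For", ""),
    }


if __name__ == "__main__":
    # Constructed sample: a client connects directly and forges the header.
    direct = Request("203.0.113.5", {"X-Forwarded-For": "192.0.2.1"})
    # Constructed sample: a client behind our proxy forges the header; the proxy appends the real address.
    proxied = Request("10.0.0.7", {"X-Forwarded-For": "192.0.2.1, 198.51.100.9"})
    for r in (direct, proxied):
        print("naive:", naive_client_ip(r), "| proxy-aware:", audit_record(r, "policy.change"))
```

The naive resolver reports `192.0.2.1` for both requests, which is exactly the loss of accountability the advisory describes; the proxy-aware resolver reports the TCP peer for the direct connection and the proxy-appended hop for the proxied one. The detection angle is the retained `peer` and `x_forwarded_for` fields: a header that disagrees with the resolved address on a direct connection is itself worth an alert.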

Impact

Exploitation of this vulnerability allows a client to spoof its IP address, so the application's logging mechanism records an attacker-chosen address instead of the real one, undermining accountability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 5.9
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.