CyberArk Endpoint Privilege Manager Brute Force Vulnerability in Change Password Endpoint

Vulnerability

A vulnerability exists in CyberArk Endpoint Privilege Manager SaaS version 24.7.1 that allows brute force attacks on user passwords via the '/EPMUI/VfManager.asmx/ChangePassword' endpoint. The endpoint does not limit the number or frequency of requests, so an attacker can submit password guesses repeatedly. This vulnerability could be exploited by anyone with access to the affected application.

Impact

Exploitation of this vulnerability allows for successful brute force attacks on user passwords, potentially leading to unauthorized account access.
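The missing control described above is a rate limit on the change-password endpoint. As an added example that is not code from this advisory or from CyberArk, the following Python script flags source addresses that repeatedly POST to that endpoint within a short window, the kind of check a defender can run over access or proxy logs while a fix is pending. The log format, IP addresses and timestamps are constructed assumptions; the script also assumes lines arrive in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Endpoint named in the advisory.
TARGET = "/EPMUI/VfManager.asmx/ChangePassword"
# Assumed log layout: <ISO timestamp> <source ip> <method> <path> <status>
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")

# Constructed sample log (not real EPM output): one source hammers the endpoint,
# another uses it normally, one line is malformed, one request is a GET.
SAMPLE_LOG = """\
2025-06-09T19:40:00Z 198.51.100.7 POST /EPMUI/VfManager.asmx/ChangePassword 200
2025-06-09T19:40:05Z 203.0.113.10 POST /EPMUI/VfManager.asmx/ChangePassword 200
2025-06-09T19:40:06Z 203.0.113.10 POST /EPMUI/VfManager.asmx/ChangePassword 200
2025-06-09T19:40:07Z 203.0.113.10 POST /EPMUI/VfManager.asmx/ChangePassword 200
2025-06-09T19:40:08Z 203.0.113.10 GET /EPMUI/VfManager.asmx/ChangePassword 200
2025-06-09T19:40:09Z 203.0.113.10 POST /EPMUI/VfManager.asmx/ChangePassword 200
2025-06-09T19:40:10Z 203.0.113.10 POST /EPMUI/VfManager.asmx/ChangePassword 200
2025-06-09T19:40:11Z 203.0.113.10 POST /EPMUI/VfManager.asmx/ChangePassword 200
garbage line that does not parse
2025-06-09T19:45:00Z 198.51.100.7 POST /EPMUI/VfManager.asmx/ChangePassword 200
"""

def parse_line(line):
    """Parse one log line into (time, src_ip, method, path, status); None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, method, path, status = m.groups()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, method, path, int(status)

def find_bursts(lines, threshold=5, window_seconds=60):
    """Return {src_ip: peak_count} for sources that sent >= threshold POSTs to
    TARGET within any sliding window of window_seconds. Status codes are ignored
    because the advisory does not say how a failed guess is reported."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # per-source timestamps inside the current window
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, method, path, _status = rec
        if method != "POST" or path != TARGET:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

if __name__ == "__main__":
    print(find_bursts(SAMPLE_LOG.splitlines()))   # {'203.0.113.10': 6}
```

Tune threshold and window to the normal password-change rate of the environment, and treat a flagged source as a candidate for blocking at the proxy or WAF rather than as proof of compromise.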

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (Custom Algorithm)

Category        Score
spread          6.8
impact          2.5
exploitability  5.9
remediation     0.0
relevance       0.0
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.