CyberArk Secrets Manager Self-Hosted IAM Authenticator Bypass Vulnerability

Vulnerability

A vulnerability exists in CyberArk Secrets Manager, Self-Hosted installations in which traffic to AWS is improperly routed through a misconfigured network device. This flaw allows an attacker to redirect authentication requests to a malicious server under their control. The issue is believed to be exploitable in only a few installations. Affected versions are Secrets Manager, Self-Hosted prior to 13.5.1 and 13.6.1, and Conjur OSS prior to 1.22.1.

Impact

Exploitation of this vulnerability could lead to unauthorized redirection of authentication requests, potentially allowing an attacker to intercept or manipulate authentication processes.

Remediation

Users should upgrade to Conjur OSS version 1.22.1, or to Secrets Manager, Self-Hosted version 13.5.1 or 13.6.1, to address this vulnerability.

Added: Jul 15, 2025, 11:58 PM
Updated: Jul 15, 2025, 11:58 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 4.3
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.