CyberArk Identity
By the Year
In 2026 there have been 0 vulnerabilities in CyberArk Identity. Identity did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 4 | 4.85 |
| 2023 | 0 | 0.00 |
| 2022 | 1 | 5.30 |
| 2021 | 1 | 5.30 |
It may take a day or so for new Identity vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent CyberArk Identity Security Vulnerabilities
CyberArk Password Vault: Client-Side Enforcement Bypass (CVE-2024-42340)
CVE-2024-42340
4.3 - Medium
- August 25, 2024
CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security
Client-Side Enforcement of Server-Side Security
CVE-2024-42339 CyberArk PAS: Sensitive Data Exposure (CWE-200)
CVE-2024-42339
4.3 - Medium
- August 25, 2024
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Information Disclosure
CyberArk Sensitive Info Exposure (CWE-200) to Unauthorized Actors
CVE-2024-42338
4.3 - Medium
- August 25, 2024
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Information Disclosure
CyberArk Sensitive Info Exposure (CWE-200)
CVE-2024-42337
6.5 - Medium
- August 25, 2024
CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Information Disclosure
CyberArk Identity versions up to and including 22.1, in the 'StartAuthentication' resource, expose the response header 'X-CFY-TX-TM'
CVE-2022-22700
5.3 - Medium
- March 03, 2022
CyberArk Identity versions up to and including 22.1, in the 'StartAuthentication' resource, expose the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant.
Use of Insufficiently Random Values
CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid
CVE-2021-37151
5.3 - Medium
- September 01, 2021
CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one (aka Username Enumeration). Response differentiation enables attackers to enumerate usernames of valid application users. Attackers can use this information to leverage brute-force and dictionary attacks in order to discover valid account information such as passwords.
Side Channel Attack