PVWA <14.4 Host Header Injection Vulnerability
CVE-2024-54840 Published on February 3, 2025
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.
Weakness Type
Use of Less Trusted Source
The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.
Products Associated with CVE-2024-54840
Affected Versions
CyberArk Privileged Access Manager: versions before 14.4 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.