CVE-2018-14894

CyberArk Endpoint Privilege Manager 10.2.1.603 and earlier allows an attacker (who is able to edit permissions of a file) to bypass intended access restrictions and execute blocked applications.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
cyberarkendpoint_privilege_manager
𝑥
≤ 10.2.1.603
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/152489/CyberArk-EPM-10.2.1.603-Security-Restrictions-Bypass.html
https://mustafakemalcan.com/cyberark-epm-file-block-bypass-cve-2018-14894/
https://www.exploit-db.com/exploits/46688/
https://www.youtube.com/watch?v=B0VpK0poTco
http://packetstormsecurity.com/files/152489/CyberArk-EPM-10.2.1.603-Security-Restrictions-Bypass.html
https://mustafakemalcan.com/cyberark-epm-file-block-bypass-cve-2018-14894/
https://www.exploit-db.com/exploits/46688/
https://www.youtube.com/watch?v=B0VpK0poTco