Important vulnerability in CyberArk Identity security solution

Cybersecurity specialists report the detection of a critical vulnerability in CyberArk Identity, a security solution that many leading organizations rely on to implement defenses against cyberattacks, enable digital business and improve operational efficiency. According to the report, exploiting this vulnerability would allow threat actors to access sensitive information.

Tracked as CVE-2022-22700, the flaw exists due to the exposure of the “X-CFY-TX-TM” response header in the “StartAuthentication” resource. This would allow remote threat actors to gain unauthorized access to sensitive information on the affected system.

This is a medium-severity vulnerability that received a score of 4.8/10 under the Common Vulnerability Scoring System (CVSS).

According to the report, the flaw resides in version 22.1 of CyberArk Identity.

While the flaw can be exploited remotely by unauthenticated threat actors, no active exploitation attempts and no malware variant associated with the attack have been detected so far. Still, users of affected deployments are encouraged to upgrade as soon as possible.
