Cybersecurity specialists report the detection of a critical vulnerability in CyberArk Identity, a trusted partner for many leading organizations that helps them implement defense measures against cyberattacks, enable digital business and boost operational efficiency. According to the report, exploiting this vulnerability would allow threat actors to access sensitive information.
Tracked as CVE-2022-22700, the flaw exists due to the exposure of the “X-CFY-TX-TM” response header in the “StartAuthentication” resource. This would allow remote threat actors to gain unauthorized access to sensitive information on the affected system.
This is a medium-severity vulnerability that received a score of 4.8/10 under the Common Vulnerability Scoring System (CVSS).
According to the report, the flaw lies in version 22.1 of CyberArk Identity.
While the flaw can be exploited remotely by unauthenticated threat actors, no active exploitation attempts and no malware variant associated with the attack have been detected so far. Still, users of affected deployments are encouraged to upgrade as soon as possible.