Arbitrary Code Execution via Serialized .NET Object in CyberArk Password Vault Web Access REST API
CVE-2018-9843 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.
Learn more about our Web App Pen Testing.