Arbitrary Code Execution via Serialized .NET Object in CyberArk Password Vault Web Access REST API

CVE-2018-9843 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.
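A detection-side check for the vector described above, as an added example that is not CyberArk's code or part of the original advisory: it flags Authorization header values that base64-decode to a .NET BinaryFormatter (MS-NRBF) stream header. That the token is base64-encoded and BinaryFormatter-serialized is an assumption (the advisory says only "serialized .NET object"), and the sample values are constructed.

```python
import base64
import binascii

# MS-NRBF SerializationHeaderRecord (17 bytes): record type 0x00, RootId,
# HeaderId, then MajorVersion = 1 and MinorVersion = 0 as little-endian int32.
NRBF_VERSION = b"\x01\x00\x00\x00" + b"\x00\x00\x00\x00"

# Constructed sample: stream header followed by MessageEnd (0x0B), no object.
SAMPLE_STREAM = b"\x00" + b"\x01\x00\x00\x00" + b"\xff\xff\xff\xff" + NRBF_VERSION + b"\x0b"
SAMPLE_TOKEN = base64.b64encode(SAMPLE_STREAM).decode("ascii")


def looks_like_nrbf(data: bytes) -> bool:
    """True if data begins with a BinaryFormatter (MS-NRBF) stream header."""
    return len(data) >= 17 and data[0] == 0x00 and data[9:17] == NRBF_VERSION


def decode_b64(token: str):
    """Decode standard or URL-safe base64; return None if it is not base64."""
    token = token.replace("-", "+").replace("_", "/")
    token += "=" * (-len(token) % 4)
    try:
        return base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None


def authorization_is_suspicious(header_value: str) -> bool:
    """Check the whole header value and each space-separated part of it."""
    value = header_value.strip()
    for token in {value, *value.split()}:
        raw = decode_b64(token)
        if raw is not None and looks_like_nrbf(raw):
            return True
    return False


if __name__ == "__main__":
    # Constructed header values: two ordinary ones and the sample stream.
    for header in ("Basic dXNlcjpwYXNz", "Bearer abc.def.ghi", SAMPLE_TOKEN):
        verdict = "ALERT" if authorization_is_suspicious(header) else "ok"
        print(f"{verdict:5} Authorization: {header}")
```

A match is a triage signal for proxy or WAF logs, not a replacement for running a version outside the affected ranges listed above.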
