CVE-2022-22700
First published: Thu Mar 03 2022(Updated: )
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CyberArk Identity | <=22.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-22700.
What is the severity level of CVE-2022-22700?
The severity level of CVE-2022-22700 is medium with a score of 5.3.
How does CVE-2022-22700 affect CyberArk Identity?
CVE-2022-22700 affects CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource.
What is the exposure caused by CVE-2022-22700?
CVE-2022-22700 exposes the response header 'X-CFY-TX-TM' in certain configurations.
How can CVE-2022-22700 be used to determine if a user exists in the tenant?
CVE-2022-22700 can be used to determine if a user exists in the tenant by analyzing the different, predictable value ranges in the 'X-CFY-TX-TM' response header.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/cyberark
- canonical/cyberark identity
- version/cyberark identity/22.1