Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different, predictable value ranges which can be used to determine whether a user exists in the tenant.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CyberArk Identity 安全特征问题漏洞
Vulnerability Description
CyberArk Identity是CyberArk公司的提供最完整的身份安全平台,以确保端到端的所有身份。 CyberArk Identity 存在安全特征问题漏洞,该漏洞源于StartAuthentication资源会公开响应标头X-CFY-TX-TM。在某些配置中,该响应标头包含不同的、可预测的值范围,可用于确定用户是否存在于租户中。
CVSS Information
N/A
Vulnerability Type
N/A