Security Advisory

CVE-2022-22700

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-03-03 18:20:21
Last updated 2024-08-03 03:21:49
Assigner Fluid Attacks
State PUBLISHED

Description

CyberArk Identity versions up to and including 22.1 expose the response header X-CFY-TX-TM in the StartAuthentication resource. In certain configurations, that response header contains different, predictable value ranges, which can be used to determine whether a user exists in the tenant.