CVE-2024-54840

MEDIUM Year: 2024
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-348
View all →

Vulnerability Description

PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.

Related Vulnerabilities

CVE-2021-21373

MEDIUM
CVSS:5.9(Medium)

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In cas...

CWE-3482021

CVE-2025-43918

MEDIUM
CVSS:6.4(Medium)

SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email...

CWE-3482025

CVE-2022-4532

MEDIUM
CVSS:6.5(Medium)

The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insufficient restrictions on where the IP Addr...

CWE-3482022

CVE-2025-1245

MEDIUM
CVSS:6.5(Medium)

Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view componen...

CWE-3482025

CVE-2022-44593

MEDIUM
CVSS:5.3(Medium)

Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through 9.3.1.

CWE-3482022

CVE-2022-4529

MEDIUM
CVSS:5.3(Medium)

The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Ad...

CWE-3482022