Full title: CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution Vulnerabili 
Category: web applications
Platform: jsp
The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. Versions prior to 9.9.5, prior to 10.1, and 10.1 are affected.

# 0day.today @ http://0day.today/