CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-37151

CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one (aka Username Enumeration). Response differentiation enables attackers to enumerate usernames of valid application users. Attackers can use this information to leverage brute-force and dictionary attacks in order to discover valid account information such as passwords.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 45.4%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

Products affected by CVE-2021-37151

Cyberark » Identity » Version: 19.1

cpe:2.3:a:cyberark:identity:19.1
Cyberark » Identity » Version: 19.2

cpe:2.3:a:cyberark:identity:19.2
Cyberark » Identity » Version: 19.3

cpe:2.3:a:cyberark:identity:19.3
Cyberark » Identity » Version: 19.4

cpe:2.3:a:cyberark:identity:19.4
Cyberark » Identity » Version: 19.5.186

cpe:2.3:a:cyberark:identity:19.5.186
Cyberark » Identity » Version: 19.5.197

cpe:2.3:a:cyberark:identity:19.5.197
Cyberark » Identity » Version: 19.5.200

cpe:2.3:a:cyberark:identity:19.5.200
Cyberark » Identity » Version: 19.5.205

cpe:2.3:a:cyberark:identity:19.5.205
Cyberark » Identity » Version: 19.6.269

cpe:2.3:a:cyberark:identity:19.6.269
Cyberark » Identity » Version: 19.6.273

cpe:2.3:a:cyberark:identity:19.6.273
Cyberark » Identity » Version: 19.6.279

cpe:2.3:a:cyberark:identity:19.6.279
Cyberark » Identity » Version: 20.1.237

cpe:2.3:a:cyberark:identity:20.1.237
Cyberark » Identity » Version: 20.1.242

cpe:2.3:a:cyberark:identity:20.1.242
Cyberark » Identity » Version: 20.1.250

cpe:2.3:a:cyberark:identity:20.1.250
Cyberark » Identity » Version: 20.1.256

cpe:2.3:a:cyberark:identity:20.1.256
Cyberark » Identity » Version: 20.1.257

cpe:2.3:a:cyberark:identity:20.1.257
Cyberark » Identity » Version: 20.1.258

cpe:2.3:a:cyberark:identity:20.1.258
Cyberark » Identity » Version: 20.2.385

cpe:2.3:a:cyberark:identity:20.2.385
Cyberark » Identity » Version: 20.2.386

cpe:2.3:a:cyberark:identity:20.2.386
Cyberark » Identity » Version: 20.2.388

cpe:2.3:a:cyberark:identity:20.2.388
Cyberark » Identity » Version: 20.3.192

cpe:2.3:a:cyberark:identity:20.3.192
Cyberark » Identity » Version: 20.3.197

cpe:2.3:a:cyberark:identity:20.3.197
Cyberark » Identity » Version: 20.4.162

cpe:2.3:a:cyberark:identity:20.4.162
Cyberark » Identity » Version: 20.5.163

cpe:2.3:a:cyberark:identity:20.5.163
Cyberark » Identity » Version: 20.6.137

cpe:2.3:a:cyberark:identity:20.6.137
Cyberark » Identity » Version: 20.6.138

cpe:2.3:a:cyberark:identity:20.6.138
Cyberark » Identity » Version: 20.7.156

cpe:2.3:a:cyberark:identity:20.7.156
Cyberark » Identity » Version: 21.1.109

cpe:2.3:a:cyberark:identity:21.1.109
Cyberark » Identity » Version: 21.10.146

cpe:2.3:a:cyberark:identity:21.10.146
Cyberark » Identity » Version: 21.11.130

cpe:2.3:a:cyberark:identity:21.11.130
Cyberark » Identity » Version: 21.2.123

cpe:2.3:a:cyberark:identity:21.2.123
Cyberark » Identity » Version: 21.2.124

cpe:2.3:a:cyberark:identity:21.2.124
Cyberark » Identity » Version: 21.3.135

cpe:2.3:a:cyberark:identity:21.3.135
Cyberark » Identity » Version: 21.4.139

cpe:2.3:a:cyberark:identity:21.4.139
Cyberark » Identity » Version: 21.4.143

cpe:2.3:a:cyberark:identity:21.4.143
Cyberark » Identity » Version: 21.5.131

cpe:2.3:a:cyberark:identity:21.5.131
Cyberark » Identity » Version: 21.6.124

cpe:2.3:a:cyberark:identity:21.6.124
Cyberark » Identity » Version: 21.7.146

cpe:2.3:a:cyberark:identity:21.7.146
Cyberark » Identity » Version: 21.8.126

cpe:2.3:a:cyberark:identity:21.8.126
Cyberark » Identity » Version: 21.8.127

cpe:2.3:a:cyberark:identity:21.8.127
Cyberark » Identity » Version: 21.9.131

cpe:2.3:a:cyberark:identity:21.9.131

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-37151

Products

Pricing

Contact Us