This page lists publicly disclosed CVE vulnerabilities affecting cyberark credential_provider (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-31798 | The effective key space used to encrypt the cache in CyberArk Credential Provider prior to 12.1 has low entropy, and under certain conditions a local malicious user can obtain the plaintext of cache files. | [email protected] | 4.4 | 0.11% | 2021-09-02 | 2024-11-21 |
| CVE-2021-31796 | An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36. | [email protected] | 7.5 | 0.96% | 2021-09-02 | 2024-11-21 |
| CVE-2021-31797 | The user identification mechanism used by CyberArk Credential Provider prior to 12.1 is susceptible to a local host race condition, leading to password disclosure. | [email protected] | 5.1 | 0.08% | 2021-09-02 | 2024-11-21 |