
CVE-2018-12903 : Security Advisory and Response

Learn about CVE-2018-12903, a persistent XSS vulnerability in CyberArk Endpoint Privilege Manager version 10.2.1.603. Understand the impact, affected systems, exploitation points, and mitigation steps.

CyberArk Endpoint Privilege Manager (formerly Viewfinity) version 10.2.1.603 is vulnerable to persistent cross-site scripting (XSS) attacks.

Understanding CVE-2018-12903

This CVE identifies a persistent XSS vulnerability in CyberArk Endpoint Privilege Manager version 10.2.1.603.

What is CVE-2018-12903?

Persistent (stored) XSS occurs when attacker-supplied input is saved by the application and later rendered into a page without adequate output encoding, so the injected script runs in the browser of every user who views that page, not only the user who submitted it.

The Impact of CVE-2018-12903

        Injected script runs in the browser of any user who views the affected screen, with that user's session and privileges in the EPM console.
        Session tokens and other sensitive data can be stolen, enabling account takeover or unauthorized actions performed on the victim's behalf.

Technical Details of CVE-2018-12903

CyberArk Endpoint Privilege Manager version 10.2.1.603 is susceptible to persistent XSS attacks.

Vulnerability Description

The vulnerability can be triggered through several input fields whose values are stored by the application and later rendered in the management console, including account names, display-name screens, and dialog fields.

Affected Systems and Versions

        Product: CyberArk Endpoint Privilege Manager (formerly Viewfinity)
        Version: 10.2.1.603

Exploitation Mechanism

Script injected into any of the following stored fields is rendered to other users of the console:

        Account name on the create token screen
        VfManager.asmx SelectAccounts->DisplayName screen
        User's groups in ConfigurationPage
        Dialog Title field
        App Group Name in the Application Group Wizard

Mitigation and Prevention

To address CVE-2018-12903, follow these steps:

Immediate Steps to Take

        Update CyberArk Endpoint Privilege Manager to a version in which the vendor has fixed this issue.
        Until patched, limit who can create or edit the affected values (account names, display names, group names, dialog titles, application group names) to trusted administrators, and review existing values for HTML or script markup.
        Input validation and output encoding are the fix, but they have to be applied inside the product itself; customers cannot add them to the vendor's console, which is why the patch is the real remedy.
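The following is an added illustration of the mechanism and the fix, not code from CyberArk or from this advisory. It stands in for a console screen that lists stored account display names (one of the injection points above) and shows the vulnerable rendering pattern beside an output-encoded one, plus a simple server-side name check of the kind an "input validation" step refers to. The record set, the field names, and the script payload in the third record are all constructed for the example. It runs under Node.js without a browser.

```javascript
// Added example (not CyberArk's code): persistent XSS through a stored display
// name, and the output-encoding and input-validation controls that stop it.

// Constructed sample records standing in for names stored by an admin console.
// The third displayName is a constructed test payload, not from the advisory.
const STORED_ACCOUNTS = [
  { id: 1, displayName: "Alice Admin" },
  { id: 2, displayName: "O'Brien, Bob" },
  { id: 3, displayName: '<img src=x onerror="alert(document.cookie)">' },
];

// Vulnerable pattern: the stored value is spliced straight into HTML, so
// whatever was saved earlier executes in every viewer's browser.
function renderUnsafe(account) {
  return `<tr><td>${account.id}</td><td>${account.displayName}</td></tr>`;
}

// HTML-encode the characters that matter in element content and in
// double- or single-quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: encode on output every time, regardless of what is stored
// or who stored it. This is the control that actually removes the XSS.
function renderSafe(account) {
  return `<tr><td>${account.id}</td><td>${escapeHtml(account.displayName)}</td></tr>`;
}

// Defence in depth at the input side: a display name has no business
// containing markup. A production rule would be an allow-list of characters;
// this deny-list is enough to show the idea and to flag already-stored rows.
function isAcceptableName(name) {
  if (typeof name !== "string") return false;
  const trimmed = name.trim();
  if (trimmed.length === 0 || trimmed.length > 128) return false;
  return !/[<>]/.test(trimmed) && !/javascript:|on\w+\s*=/i.test(trimmed);
}

// Render the whole list either way and report which stored records fail the
// name check, i.e. which rows would have been the injection points.
function renderTable(accounts, escape) {
  const rows = accounts.map(escape ? renderSafe : renderUnsafe).join("\n");
  const rejected = accounts
    .filter((a) => !isAcceptableName(a.displayName))
    .map((a) => a.id);
  return { html: `<table>\n${rows}\n</table>`, rejected };
}

// Stand-alone run: show both renderings and the flagged record ids.
console.log("Vulnerable rendering:\n" + renderTable(STORED_ACCOUNTS, false).html);
console.log("\nEncoded rendering:\n" + renderTable(STORED_ACCOUNTS, true).html);
console.log("\nRecords failing the name check:", renderTable(STORED_ACCOUNTS, true).rejected);
```

The point of keeping `escapeHtml` in the render path rather than relying on `isAcceptableName` alone is that validation can be bypassed by values that arrive through another interface (an import, an API such as VfManager.asmx, a directory sync), whereas encoding at output protects the viewer whatever the origin of the stored string. Note also that `escapeHtml` is correct only for HTML element content and quoted attributes; a value placed inside a script block or a URL needs a different encoder.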

Long-Term Security Practices

        Conduct regular security assessments and penetration testing of administrative consoles, including stored-XSS checks on every field that is later displayed to other users.
        Educate administrators on phishing and on the risk of viewing untrusted content while logged in to privileged consoles.
        A web application firewall can block obvious script payloads in submitted fields, but it is a partial control for stored XSS: the injected values here are saved by authenticated users and rendered later, so the WAF must catch the submitting request and will miss encoded or novel payloads.

Patching and Updates

        Apply security patches provided by CyberArk promptly.
        Stay informed about security advisories and updates from the vendor.
