nvd-json-data-feeds/CVE-2025/CVE-2025-222xx/CVE-2025-22274.json

{
  "id": "CVE-2025-22274",
  "sourceIdentifier": "cvd@cert.pl",
  "published": "2025-02-28T13:15:28.067",
  "lastModified": "2025-03-05T16:15:38.243",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [
    {
      "sourceIdentifier": "cvd@cert.pl",
      "tags": [
        "exclusively-hosted-service"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "It is possible to inject HTML code into the page content using the \"content\" field in the \"Application definition\" page.\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."
    },
    {
      "lang": "es",
      "value": "Es posible inyectar c\u00f3digo HTML en el contenido de la p\u00e1gina mediante el campo \"contenido\" en la p\u00e1gina \"Definici\u00f3n de la aplicaci\u00f3n\". Este problema afecta a CyberArk Endpoint Privilege Manager en la versi\u00f3n SaaS 24.7.1. Se desconoce el estado de otras versiones. Despu\u00e9s de varios intentos de comunicarnos con el proveedor, no recibimos ninguna respuesta."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "cvd@cert.pl",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "baseScore": 2.0,
          "baseSeverity": "LOW",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "privilegesRequired": "LOW",
          "userInteraction": "ACTIVE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "LOW",
          "vulnAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "subAvailabilityImpact": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirement": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "availabilityRequirement": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cvd@cert.pl",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-80"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/",
      "source": "cvd@cert.pl"
    },
    {
      "url": "https://cert.pl/posts/2025/02/CVE-2025-22270/",
      "source": "cvd@cert.pl"
    },
    {
      "url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm",
      "source": "cvd@cert.pl"
    }
  ]
}
Auto-Update: 2025-02-28T15:00:20.043026+00:00 2025-02-28 15:03:48 +00:00			`{`
			`"id": "CVE-2025-22274",`
			`"sourceIdentifier": "cvd@cert.pl",`
			`"published": "2025-02-28T13:15:28.067",`
Auto-Update: 2025-03-05T17:00:20.315796+00:00 2025-03-05 17:03:50 +00:00			`"lastModified": "2025-03-05T16:15:38.243",`
			`"vulnStatus": "Awaiting Analysis",`
			`"cveTags": [`
			`{`
			`"sourceIdentifier": "cvd@cert.pl",`
			`"tags": [`
			`"exclusively-hosted-service"`
			`]`
			`}`
			`],`
Auto-Update: 2025-02-28T15:00:20.043026+00:00 2025-02-28 15:03:48 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "It is possible to inject HTML code into the page content using the \"content\" field in the \"Application definition\" page.\n\n\nThis issue affects\u00a0CyberArk Endpoint Privilege Manager in SaaS version 24.7.1. The status of other versions is unknown.\u00a0After multiple attempts to contact the vendor we did not receive any answer."`
Auto-Update: 2025-03-05T17:00:20.315796+00:00 2025-03-05 17:03:50 +00:00			`},`
			`{`
			`"lang": "es",`
			`"value": "Es posible inyectar c\u00f3digo HTML en el contenido de la p\u00e1gina mediante el campo \"contenido\" en la p\u00e1gina \"Definici\u00f3n de la aplicaci\u00f3n\". Este problema afecta a CyberArk Endpoint Privilege Manager en la versi\u00f3n SaaS 24.7.1. Se desconoce el estado de otras versiones. Despu\u00e9s de varios intentos de comunicarnos con el proveedor, no recibimos ninguna respuesta."`
Auto-Update: 2025-02-28T15:00:20.043026+00:00 2025-02-28 15:03:48 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV40": [`
			`{`
			`"source": "cvd@cert.pl",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "4.0",`
			`"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",`
			`"baseScore": 2.0,`
			`"baseSeverity": "LOW",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"attackRequirements": "PRESENT",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "ACTIVE",`
			`"vulnConfidentialityImpact": "NONE",`
			`"vulnIntegrityImpact": "LOW",`
			`"vulnAvailabilityImpact": "LOW",`
			`"subConfidentialityImpact": "NONE",`
			`"subIntegrityImpact": "NONE",`
			`"subAvailabilityImpact": "NONE",`
			`"exploitMaturity": "NOT_DEFINED",`
			`"confidentialityRequirement": "NOT_DEFINED",`
			`"integrityRequirement": "NOT_DEFINED",`
			`"availabilityRequirement": "NOT_DEFINED",`
			`"modifiedAttackVector": "NOT_DEFINED",`
			`"modifiedAttackComplexity": "NOT_DEFINED",`
			`"modifiedAttackRequirements": "NOT_DEFINED",`
			`"modifiedPrivilegesRequired": "NOT_DEFINED",`
			`"modifiedUserInteraction": "NOT_DEFINED",`
			`"modifiedVulnConfidentialityImpact": "NOT_DEFINED",`
			`"modifiedVulnIntegrityImpact": "NOT_DEFINED",`
			`"modifiedVulnAvailabilityImpact": "NOT_DEFINED",`
			`"modifiedSubConfidentialityImpact": "NOT_DEFINED",`
			`"modifiedSubIntegrityImpact": "NOT_DEFINED",`
			`"modifiedSubAvailabilityImpact": "NOT_DEFINED",`
			`"Safety": "NOT_DEFINED",`
			`"Automatable": "NOT_DEFINED",`
			`"Recovery": "NOT_DEFINED",`
			`"valueDensity": "NOT_DEFINED",`
			`"vulnerabilityResponseEffort": "NOT_DEFINED",`
			`"providerUrgency": "NOT_DEFINED"`
			`}`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "cvd@cert.pl",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-80"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://cert.pl/en/posts/2025/02/CVE-2025-22270/",`
			`"source": "cvd@cert.pl"`
			`},`
			`{`
			`"url": "https://cert.pl/posts/2025/02/CVE-2025-22270/",`
			`"source": "cvd@cert.pl"`
			`},`
			`{`
			`"url": "https://docs.cyberark.com/epm/24.7.1/en/content/resources/_topnav/cc_home.htm",`
			`"source": "cvd@cert.pl"`
			`}`
			`]`
			`}`