cvedb.io
CVE-2021-31796
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2021-09-02T01:15:06.400 · Last modified 2026-06-17T03:52:14.947

Summary

An inadequate encryption vulnerability discovered in CyberArk Credential Provider before 12.1 may lead to Information Disclosure. An attacker may realistically have enough information that the number of possible keys (for a credential file) is only one, and the number is usually not higher than 2^36.

Affected products

cyberark — credential_provider

Does this affect you?

Add your gear to cvedb and we'll alert you only when cyberark ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.