CVE-2021-37151 — CVSS 5.3 (medium): CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain…
CVE-2022-22700 — CVSS 5.3 (medium): CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In…