
Fortra Core Privileged Access Manager vulnerabilities

4 known vulnerabilities affecting fortra/core_privileged_access_manager.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2026-9862 | P2 | CRITICAL | CVSS 9.8 | ≥ boks-server 8.1.0.0, ≤ boks-server 8.1.0.22; ≥ boks-server 9.0.0.0, ≤ boks-server 9.0.0.4 | 2026-06-15
CVE-2026-9862 [CRITICAL] CWE-78: Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing.
Source: NVD

CVE-2026-9863 | P3 | HIGH | CVSS 7.5 | ≥ boks-server 8.1.0.0, ≤ boks-server 8.1.0.22; ≥ boks-server 9.0.0.0, ≤ boks-server 9.0.0.4 | 2026-06-15
CVE-2026-9863 [HIGH] CWE-78: Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS Master during client version handling.
Source: NVD

CVE-2025-13532 | P4 | MEDIUM | CVSS 6.2 | This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain. The affected platforms are: Debian 11, 12, 13, RedHat 9, 10 and Ubuntu 24. | 2025-12-16
CVE-2025-13532 [MEDIUM] CWE-916: Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager (BoKS) can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain.
Source: NVD

CVE-2025-5141 | P4 | MEDIUM | CVSS 5.5 | ≤ 7.2.0.17 | 2025-06-17
CVE-2025-5141 [MEDIUM] CWE-524: A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix #0474 on Linux, AIX, and Solaris allows low privilege local users to dump data from the cache.
Source: NVD