Lucene search

Secret Server Security Vulnerabilities

cve

CVE-2021-41845

A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through...

6.5CVSS

6.9AI Score

0.001EPSS

2021-10-01 07:15 PM

cve

CVE-2019-18357

An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of...

6.1CVSS

6.4AI Score

0.001EPSS

2019-10-23 07:15 PM

cve

CVE-2019-18356

An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of...

6.1CVSS

6.4AI Score

0.001EPSS

2019-10-23 07:15 PM

cve

CVE-2019-18355

An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before...

9.8CVSS

7.4AI Score

0.002EPSS

2019-10-23 07:15 PM

cve

CVE-2014-4861

The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has...

9.8CVSS

9.5AI Score

0.002EPSS

2018-03-09 08:29 PM

cve

CVE-2017-11725

The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended...

5.4CVSS

9.3AI Score

0.001EPSS

2017-07-29 05:29 AM

cve

CVE-2015-3443

Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password...

5.4AI Score

0.003EPSS

2015-07-02 02:59 PM

cve

CVE-2015-4094

The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...

6.3AI Score

0.001EPSS

2015-06-02 02:59 PM