A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through...
CVSS: 6.5
AI Score: 6.9
EPSS: 0.001
CVSS: 6.1
AI Score: 6.4
EPSS: 0.001
CVSS: 6.1
AI Score: 6.4
EPSS: 0.001
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before...
CVSS: 9.8
AI Score: 7.4
EPSS: 0.002
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly clean up a temporary file that contains an encrypted password once a session has...
CVSS: 9.8
AI Score: 9.5
EPSS: 0.002
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended...
CVSS: 5.4
AI Score: 9.3
EPSS: 0.001
Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password...
AI Score: 5.4
EPSS: 0.003
The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
AI Score: 6.3
EPSS: 0.001