Delinea Secret Server

6 matches found

CVE
added 2024/03/14 2:15 a.m., 100 views

CVE-2024-25650

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This ma...

CVSS 5.9, AI score 6.1, EPSS 0.00032

CVE
added 2024/04/28 11:15 p.m., 97 views

CVE-2024-33891

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute.

CVSS 8.8, AI score 7.1, EPSS 0.00198

CVE
added 2024/03/14 3:15 a.m., 68 views

CVE-2024-25652

In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through info...

CVSS 7.6, AI score 7.7, EPSS 0.00049

CVE
added 2024/03/14 3:15 a.m., 50 views

CVE-2024-25649

In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue ...

CVSS 6.7, AI score 7.3, EPSS 0.00008

CVE
added 2023/09/06 12:15 p.m., 26 views

CVE-2023-4588

File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup d...

CVSS 6.8, AI score 5.4, EPSS 0.00144

CVE
added 2023/09/06 12:15 p.m., 22 views

CVE-2023-4589

Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signature...

CVSS 9.1, AI score 7.4, EPSS 0.0011