Secret Server@11.4 Security Vulnerabilities and Issues — Secret Server@11.4 CVE List

Lucene search

DelineaSecret Server11.4

3 matches found

CVE•added 2024/03/14 2:15 a.m.•100 views

CVE-2024-25650

Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This ma...

5.9CVSS6.1AI score0.00032EPSS

CVE•added 2024/03/14 3:15 a.m.•68 views

CVE-2024-25652

In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through info...

7.6CVSS7.7AI score0.00049EPSS

CVE•added 2024/03/14 3:15 a.m.•50 views

CVE-2024-25649

In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue ...

6.7CVSS7.3AI score0.00008EPSS