The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended.
9.8CVSS
9.5AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask.
5.5AI Score
0.003EPSS
The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
5.8AI Score
0.001EPSS
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections.
5.4CVSS
7.3AI Score
0.001EPSS
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.
9.8CVSS
9.3AI Score
0.002EPSS
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
10CVSS
7.4AI Score
0.002EPSS
A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006.
6.5CVSS
6.9AI Score
0.001EPSS