Search criteria
30 vulnerabilities found for secret_server by delinea
FKIE_CVE-2025-6943
Vulnerability from fkie_nvd - Published: 2025-07-02 16:15 - Updated: 2025-10-10 15:31
Severity ?
3.8 (Low) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Summary
Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| delinea | secret_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:delinea:secret_server:*:*:*:*:on-premises:*:*:*",
"matchCriteriaId": "623089B9-9783-4EF5-A7A5-515FF1BB6916",
"versionEndExcluding": "11.7.000060",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables."
},
{
"lang": "es",
"value": "La versi\u00f3n 11.7 y anteriores de Secret Server son vulnerables a una vulnerabilidad de creaci\u00f3n de informes SQL que permite a un administrador obtener acceso a tablas restringidas."
}
],
"id": "CVE-2025-6943",
"lastModified": "2025-10-10T15:31:36.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 3.4,
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-02T16:15:30.060",
"references": [
{
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"tags": [
"Release Notes"
],
"url": "https://docs.delinea.com/online-help/secret-server-changelog/secret-server-change-log.htm?cshid=secret-server-changelog#Friday,_November_22,_2024"
},
{
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"tags": [
"Release Notes"
],
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000060.htm"
},
{
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"tags": [
"Release Notes"
],
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000061.htm"
},
{
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"tags": [
"Vendor Advisory"
],
"url": "https://trust.delinea.com"
}
],
"sourceIdentifier": "1443cd92-d354-46d2-9290-d812316ca43a",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-12908
Vulnerability from fkie_nvd - Published: 2024-12-26 16:15 - Updated: 2025-10-15 17:08
Severity ?
6.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within the protocol handler function, URI's were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfully exploited, a remote attacker may be able to convince a user to visit a malicious web-page, or open a
malicious document which could trigger the vulnerable handler, allowing them to execute
arbitrary code on the user's machine. Delinea added additional validation that the downloaded installer's batch file was in the expected format.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| delinea | secret_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:delinea:secret_server:*:*:*:*:on-premises:*:*:*",
"matchCriteriaId": "A0574563-724D-4B64-9B9A-1DB738C20ECD",
"versionEndExcluding": "11.9.000006",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version\u00a06.0.3.26)\u00a0where, within the protocol handler function, URI\u0027s were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfully exploited, a\u00a0remote attacker may be able to convince a user to visit a malicious web-page, or open a\nmalicious document which could trigger the vulnerable handler, allowing them to execute\narbitrary code on the user\u0027s machine.\u00a0Delinea added additional validation that the downloaded installer\u0027s batch file was in the expected format."
},
{
"lang": "es",
"value": "Delinea abord\u00f3 un caso informado en Secret Server v11.7.31 (versi\u00f3n del controlador de protocolo 6.0.3.26) donde, dentro de la funci\u00f3n del controlador de protocolo, se compararon las URL antes de la normalizaci\u00f3n y la canonizaci\u00f3n, lo que potencialmente llev\u00f3 a una coincidencia excesiva con la lista aprobada. Si este ataque se explotara con \u00e9xito, un atacante remoto podr\u00eda convencer a un usuario de visitar una p\u00e1gina web maliciosa o abrir un documento malicioso que podr\u00eda activar el controlador vulnerable, lo que le permitir\u00eda ejecutar c\u00f3digo arbitrario en la m\u00e1quina del usuario. Delinea agreg\u00f3 una validaci\u00f3n adicional de que el archivo por lotes del instalador descargado estaba en el formato esperado."
}
],
"id": "CVE-2024-12908",
"lastModified": "2025-10-15T17:08:20.230",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 4.7,
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-12-26T16:15:06.050",
"references": [
{
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.amberwolf.com/blog/2024/december/cve-2024-12908-delinea-protocol-handler---remote-code-execution-via-update-process/"
},
{
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"tags": [
"Release Notes"
],
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000049.htm"
},
{
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"tags": [
"Product"
],
"url": "https://trust.delinea.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.amberwolf.com/blog/2024/december/cve-2024-12908-delinea-protocol-handler---remote-code-execution-via-update-process/"
}
],
"sourceIdentifier": "1443cd92-d354-46d2-9290-d812316ca43a",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-33891
Vulnerability from fkie_nvd - Published: 2024-04-28 23:15 - Updated: 2025-10-28 18:50
Severity ?
Summary
Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| delinea | secret_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:delinea:secret_server:*:*:*:*:on-premises:*:*:*",
"matchCriteriaId": "127DC711-EC68-4D34-B86A-9E6EA0AA5FCB",
"versionEndExcluding": "11.7.000001",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute."
},
{
"lang": "es",
"value": "Delinea Secret Server anterior a 11.7.000001 permite a los atacantes eludir la autenticaci\u00f3n a trav\u00e9s de la API SOAP en SecretServer/webservices/SSWebService.asmx. Esto est\u00e1 relacionado con una clave codificada, el uso del n\u00famero entero 2 para el usuario administrador y la eliminaci\u00f3n del atributo oauthExpirationId."
}
],
"id": "CVE-2024-33891",
"lastModified": "2025-10-28T18:50:31.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cve@mitre.org",
"type": "Secondary"
}
]
},
"published": "2024-04-28T23:15:07.200",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://delinea.com/products/secret-server"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000001.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://delinea.com/products/secret-server"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000001.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit"
],
"url": "https://github.com/straightblast/My-PoC-Exploits/blob/master/CVE-2024-33891.py"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-321"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-25653
Vulnerability from fkie_nvd - Published: 2024-03-14 03:15 - Updated: 2025-10-14 17:21
Severity ?
Summary
Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25653 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25653 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| delinea | secret_server | 11.4.000000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:delinea:secret_server:11.4.000000:*:*:*:on-premises:*:*:*",
"matchCriteriaId": "789631D5-6DEC-4690-B68F-F13B234E5B6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI."
},
{
"lang": "es",
"value": "El control de acceso roto en la funcionalidad de informes de Delinea PAM Secret Server 11.4 permite a los usuarios sin privilegios, cuando el modo de administraci\u00f3n ilimitado est\u00e1 habilitado, ver informes del sistema y modificar informes personalizados a trav\u00e9s de la funcionalidad de informes en la interfaz de usuario web."
}
],
"id": "CVE-2024-25653",
"lastModified": "2025-10-14T17:21:48.413",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-14T03:15:09.017",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25653"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-25651
Vulnerability from fkie_nvd - Published: 2024-03-14 03:15 - Updated: 2025-10-14 17:25
Severity ?
Summary
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25651 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25651 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| delinea | secret_server | 11.4.000000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:delinea:secret_server:11.4.000000:*:*:*:on-premises:*:*:*",
"matchCriteriaId": "789631D5-6DEC-4690-B68F-F13B234E5B6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint."
},
{
"lang": "es",
"value": "La enumeraci\u00f3n de usuarios puede ocurrir en la API REST de autenticaci\u00f3n en Delinea PAM Secret Server 11.4. Esto permite a un atacante remoto determinar si un usuario es v\u00e1lido debido a una diferencia en las respuestas del endpoint /oauth2/token."
}
],
"id": "CVE-2024-25651",
"lastModified": "2025-10-14T17:25:40.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-14T03:15:08.727",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25651"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25651"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-25652
Vulnerability from fkie_nvd - Published: 2024-03-14 03:15 - Updated: 2025-10-10 16:18
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
8.4 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Summary
In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| delinea | secret_server | 11.4.000000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:delinea:secret_server:11.4.000000:*:*:*:on-premises:*:*:*",
"matchCriteriaId": "789631D5-6DEC-4690-B68F-F13B234E5B6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Delinea PAM Secret Server 11.4, it is possible for a user assigned \"Administer Reports\" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality."
},
{
"lang": "es",
"value": "En Delinea PAM Secret Server 11.4, es posible que un usuario (con acceso a la funcionalidad de Informe) obtenga acceso no autorizado a sesiones remotas creadas por usuarios leg\u00edtimos."
}
],
"id": "CVE-2024-25652",
"lastModified": "2025-10-10T16:18:40.933",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0,
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-14T03:15:08.877",
"references": [
{
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"tags": [
"Broken Link"
],
"url": "https://docs.delinea.com/online-help/secret-server/admin/unlimited-administration-mode/index.htm?Highlight=unlimited%20admin"
},
{
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"tags": [
"Release Notes"
],
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ssc-rn-2024-02-10.htm"
},
{
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"tags": [
"Vendor Advisory"
],
"url": "https://trust.delinea.com/"
},
{
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652"
}
],
"sourceIdentifier": "1443cd92-d354-46d2-9290-d812316ca43a",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "1443cd92-d354-46d2-9290-d812316ca43a",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-25649
Vulnerability from fkie_nvd - Published: 2024-03-14 03:15 - Updated: 2025-11-13 15:32
Severity ?
Summary
In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25649 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25649 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| delinea | secret_server | 11.4.000000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:delinea:secret_server:11.4.000000:*:*:*:on-premises:*:*:*",
"matchCriteriaId": "789631D5-6DEC-4690-B68F-F13B234E5B6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies."
},
{
"lang": "es",
"value": "En Delinea PAM Secret Server 11.4, es posible que un atacante (con acceso de administrador a la m\u00e1quina del servidor secreto) lea los siguientes datos de un volcado de memoria: la clave maestra descifrada, las credenciales de la base de datos (cuando la autenticaci\u00f3n de SQL Server est\u00e1 habilitada), el clave de cifrado de mensajes de cola de RabbitMQ y cookies de sesi\u00f3n."
}
],
"id": "CVE-2024-25649",
"lastModified": "2025-11-13T15:32:07.963",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 4.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-14T03:15:08.540",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25649"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25649"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-316"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-25650
Vulnerability from fkie_nvd - Published: 2024-03-14 02:15 - Updated: 2025-10-10 16:18
Severity ?
Summary
Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25650 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25650 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| delinea | distributed_engine | 8.4.3 | |
| delinea | secret_server | 11.4.000000 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:delinea:distributed_engine:8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF0873B-C409-4DF9-8666-8C3E3A541685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delinea:secret_server:11.4.000000:*:*:*:on-premises:*:*:*",
"matchCriteriaId": "789631D5-6DEC-4690-B68F-F13B234E5B6B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application."
},
{
"lang": "es",
"value": "El intercambio de claves inseguro entre Delinea PAM Secret Server 11.4 y Distributed Engine 8.4.3 permite a un administrador de PAM obtener la clave sim\u00e9trica (utilizada para cifrar mensajes RabbitMQ) a trav\u00e9s de payloads manipulados en /pre-authenticate, /authenticate y /execute-and. -responder endpoints de API REST. Esto hace posible que un administrador de PAM se haga pasar por el motor y extraiga informaci\u00f3n confidencial de los mensajes publicados en los intercambios de RabbitMQ, sin ser auditado en la aplicaci\u00f3n."
}
],
"id": "CVE-2024-25650",
"lastModified": "2025-10-10T16:18:55.363",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-14T02:15:50.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25650"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25650"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-319"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-4589
Vulnerability from fkie_nvd - Published: 2023-09-06 12:15 - Updated: 2024-11-21 08:35
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| delinea | secret_server | 10.9.000002 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:delinea:secret_server:10.9.000002:*:*:*:*:*:*:*",
"matchCriteriaId": "0549C65A-06F9-41D4-BF9C-D303A8BC578C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update."
},
{
"lang": "es",
"value": "Vulnerabilidad de verificaci\u00f3n insuficiente de autenticidad de datos en Delinea Secret Server, en su versi\u00f3n v10.9.000002. Un atacante con una cuenta de administrador podr\u00eda realizar actualizaciones de software sin los mecanismos adecuados de verificaci\u00f3n de integridad. En este escenario, el proceso de actualizaci\u00f3n carece de firmas digitales y no logra validar la integridad del paquete de actualizaci\u00f3n, lo que permite al atacante inyectar aplicaciones maliciosas durante la actualizaci\u00f3n.\n"
}
],
"id": "CVE-2023-4589",
"lastModified": "2024-11-21T08:35:29.780",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T12:15:07.967",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-4588
Vulnerability from fkie_nvd - Published: 2023-09-06 12:15 - Updated: 2024-11-21 08:35
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| delinea | secret_server | 10.9.000002 | |
| delinea | secret_server | 11.4.000002 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:delinea:secret_server:10.9.000002:*:*:*:*:*:*:*",
"matchCriteriaId": "0549C65A-06F9-41D4-BF9C-D303A8BC578C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:delinea:secret_server:11.4.000002:*:*:*:*:*:*:*",
"matchCriteriaId": "26B9E59F-98C5-4AAE-B0BD-418B8D7EC723",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application\u0027s webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text."
},
{
"lang": "es",
"value": "Vulnerabilidad de accesibilidad a archivos en Delinea Secret Server, en sus versiones v10.9.000002 y v11.4.000002. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un usuario autenticado con privilegios administrativos crear un archivo de copia de seguridad en el directorio ra\u00edz web de la aplicaci\u00f3n, cambiando el directorio de copia de seguridad predeterminado a la carpeta wwwroot y descargarlo con algunos archivos de configuraci\u00f3n como encryption.config/ y database.config almacenado en el directorio wwwroot, exponiendo las credenciales de la base de datos en texto plano.\n"
}
],
"id": "CVE-2023-4588",
"lastModified": "2024-11-21T08:35:29.647",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-06T12:15:07.827",
"references": [
{
"source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"
}
],
"sourceIdentifier": "cve-coordination@incibe.es",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "cve-coordination@incibe.es",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-6943 (GCVE-0-2025-6943)
Vulnerability from cvelistv5 – Published: 2025-07-02 15:45 – Updated: 2025-07-02 15:59
VLAI?
Summary
Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delinea | Secret Server |
Affected:
0 , ≤ 11.7
(custom)
|
Credits
NCIA researchers
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-02T15:59:37.052875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T15:59:43.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secret Server",
"vendor": "Delinea",
"versions": [
{
"lessThanOrEqual": "11.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "NCIA researchers"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSecret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T15:45:01.702Z",
"orgId": "1443cd92-d354-46d2-9290-d812316ca43a",
"shortName": "Delinea"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000060.htm"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000061.htm"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.delinea.com/online-help/secret-server-changelog/secret-server-change-log.htm?cshid=secret-server-changelog#Friday,_November_22,_2024"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://trust.delinea.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1443cd92-d354-46d2-9290-d812316ca43a",
"assignerShortName": "Delinea",
"cveId": "CVE-2025-6943",
"datePublished": "2025-07-02T15:45:01.702Z",
"dateReserved": "2025-06-30T22:28:29.744Z",
"dateUpdated": "2025-07-02T15:59:43.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12908 (GCVE-0-2024-12908)
Vulnerability from cvelistv5 – Published: 2024-12-26 15:45 – Updated: 2024-12-27 14:22
VLAI?
Summary
Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within the protocol handler function, URI's were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfully exploited, a remote attacker may be able to convince a user to visit a malicious web-page, or open a
malicious document which could trigger the vulnerable handler, allowing them to execute
arbitrary code on the user's machine. Delinea added additional validation that the downloaded installer's batch file was in the expected format.
Severity ?
6.9 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delinea | Secret Server |
Affected:
11.7.31
|
Credits
David Cash and Richard Warren of Amber Wolf
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12908",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-27T14:22:42.484455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T14:22:58.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://blog.amberwolf.com/blog/2024/december/cve-2024-12908-delinea-protocol-handler---remote-code-execution-via-update-process/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Protocol Handler"
],
"product": "Secret Server",
"vendor": "Delinea",
"versions": [
{
"status": "affected",
"version": "11.7.31"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "David Cash and Richard Warren of Amber Wolf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Delinea a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eddressed a reported case on Secret Server v11.7.31 (protocol handler version\u003c/span\u003e\u0026nbsp;6.0.3.26)\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;where, within the protocol handler function, URI\u0027s were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfully exploited, a\u0026nbsp;\u003c/span\u003eremote attacker may be able to convince a user to visit a malicious web-page, or open a\nmalicious document which could trigger the vulnerable handler, allowing them to execute\narbitrary code on the user\u0027s machine.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelinea a\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edded additional validation that the downloaded installer\u0027s batch file was in the expected format.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version\u00a06.0.3.26)\u00a0where, within the protocol handler function, URI\u0027s were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfully exploited, a\u00a0remote attacker may be able to convince a user to visit a malicious web-page, or open a\nmalicious document which could trigger the vulnerable handler, allowing them to execute\narbitrary code on the user\u0027s machine.\u00a0Delinea added additional validation that the downloaded installer\u0027s batch file was in the expected format."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-26T15:45:39.592Z",
"orgId": "1443cd92-d354-46d2-9290-d812316ca43a",
"shortName": "Delinea"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000049.htm"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://trust.delinea.com/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://blog.amberwolf.com/blog/2024/december/cve-2024-12908-delinea-protocol-handler---remote-code-execution-via-update-process/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1443cd92-d354-46d2-9290-d812316ca43a",
"assignerShortName": "Delinea",
"cveId": "CVE-2024-12908",
"datePublished": "2024-12-26T15:45:39.592Z",
"dateReserved": "2024-12-23T16:24:16.226Z",
"dateUpdated": "2024-12-27T14:22:58.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33891 (GCVE-0-2024-33891)
Vulnerability from cvelistv5 – Published: 2024-04-28 00:00 – Updated: 2025-02-12 14:59
VLAI?
Summary
Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delinea:secret_server:10.9.000002:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secret_server",
"vendor": "delinea",
"versions": [
{
"status": "affected",
"version": "11.7000001"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33891",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T14:59:26.788154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T14:59:33.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/straightblast/My-PoC-Exploits/blob/master/CVE-2024-33891.py"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://delinea.com/products/secret-server"
},
{
"tags": [
"x_transferred"
],
"url": "https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000001.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-28T22:40:49.447Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://delinea.com/products/secret-server"
},
{
"url": "https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3"
},
{
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000001.htm"
},
{
"url": "https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-33891",
"datePublished": "2024-04-28T00:00:00.000Z",
"dateReserved": "2024-04-28T00:00:00.000Z",
"dateUpdated": "2025-02-12T14:59:33.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25650 (GCVE-0-2024-25650)
Vulnerability from cvelistv5 – Published: 2024-03-14 00:00 – Updated: 2024-11-21 15:24
VLAI?
Summary
Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application.
Severity ?
5.9 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25650"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T14:29:10.730223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T15:24:14.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-14T02:04:47.120519",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25650"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25650",
"datePublished": "2024-03-14T00:00:00",
"dateReserved": "2024-02-09T00:00:00",
"dateUpdated": "2024-11-21T15:24:14.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25649 (GCVE-0-2024-25649)
Vulnerability from cvelistv5 – Published: 2024-03-14 00:00 – Updated: 2024-08-27 18:37
VLAI?
Summary
In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies.
Severity ?
6.7 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25649"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delinea_pam:secret_server:11.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secret_server",
"vendor": "delinea_pam",
"versions": [
{
"status": "affected",
"version": "11.4"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25649",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T18:33:33.416842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-316",
"description": "CWE-316 Cleartext Storage of Sensitive Information in Memory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T18:37:01.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-14T02:15:59.546531",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25649"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25649",
"datePublished": "2024-03-14T00:00:00",
"dateReserved": "2024-02-09T00:00:00",
"dateUpdated": "2024-08-27T18:37:01.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25653 (GCVE-0-2024-25653)
Vulnerability from cvelistv5 – Published: 2024-03-14 00:00 – Updated: 2024-08-29 17:37
VLAI?
Summary
Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI.
Severity ?
4.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25653"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delinea_pam:secret_server:11.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secret_server",
"vendor": "delinea_pam",
"versions": [
{
"status": "affected",
"version": "11.4"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25653",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-14T14:45:11.488172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T17:37:44.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-14T02:46:36.878428",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25653"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25653",
"datePublished": "2024-03-14T00:00:00",
"dateReserved": "2024-02-09T00:00:00",
"dateUpdated": "2024-08-29T17:37:44.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25652 (GCVE-0-2024-25652)
Vulnerability from cvelistv5 – Published: 2024-03-14 00:00 – Updated: 2025-05-20 14:46
VLAI?
Summary
In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality.
Severity ?
7.6 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delinea | Secret Server |
Affected:
11.4
|
Credits
Agenzia Per La Cybersicurezza Nazionale
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delinea_pam:secret_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secret_server",
"vendor": "delinea_pam",
"versions": [
{
"status": "affected",
"version": "11.4"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-14T15:37:14.867622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:46:12.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secret Server",
"vendor": "Delinea",
"versions": [
{
"status": "affected",
"version": "11.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Agenzia Per La Cybersicurezza Nazionale"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Delinea PAM Secret Server 11.4, it is possible for a user assigned \"Administer Reports\" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality.\u003c/p\u003e"
}
],
"value": "In Delinea PAM Secret Server 11.4, it is possible for a user assigned \"Administer Reports\" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T20:21:52.748Z",
"orgId": "1443cd92-d354-46d2-9290-d812316ca43a",
"shortName": "Delinea"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ssc-rn-2024-02-10.htm"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://trust.delinea.com/"
},
{
"tags": [
"product",
"related"
],
"url": "https://docs.delinea.com/online-help/secret-server/admin/unlimited-administration-mode/index.htm?Highlight=unlimited%20admin"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Follow \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://https://docs.delinea.com/online-help/secret-server/admin/unlimited-administration-mode/index.htm?Highlight=unlimited%20admin\"\u003eproduct hardening guidelines\u003c/a\u003e\u0026nbsp;(LINKED) for recommended use of unlimited admin mode, update to Secret Server Cloud versions 2024-02-10 or later.\u0026nbsp;"
}
],
"value": "Follow product hardening guidelines https://https://docs.delinea.com/online-help/secret-server/admin/unlimited-administration-mode/index.htm \u00a0(LINKED) for recommended use of unlimited admin mode, update to Secret Server Cloud versions 2024-02-10 or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25652",
"datePublished": "2024-03-14T00:00:00.000Z",
"dateReserved": "2024-02-09T00:00:00.000Z",
"dateUpdated": "2025-05-20T14:46:12.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25651 (GCVE-0-2024-25651)
Vulnerability from cvelistv5 – Published: 2024-03-14 00:00 – Updated: 2024-08-22 19:09
VLAI?
Summary
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint.
Severity ?
5.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25651"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delinea_pam:secret_server:11.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secret_server",
"vendor": "delinea_pam",
"versions": [
{
"status": "affected",
"version": "11.4"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25651",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T18:58:24.436670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T19:09:11.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-14T02:18:20.191439",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25651"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25651",
"datePublished": "2024-03-14T00:00:00",
"dateReserved": "2024-02-09T00:00:00",
"dateUpdated": "2024-08-22T19:09:11.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4589 (GCVE-0-2023-4589)
Vulnerability from cvelistv5 – Published: 2023-09-06 11:48 – Updated: 2024-09-26 17:56
VLAI?
Summary
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update.
Severity ?
9.1 (Critical)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delinea | Secret Server |
Affected:
v10.9.000002
|
Credits
Héctor de Armas Padrón (@3v4SI0N)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:55:50.932986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T17:56:10.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secret Server",
"vendor": "Delinea",
"versions": [
{
"status": "affected",
"version": "v10.9.000002"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "H\u00e9ctor de Armas Padr\u00f3n (@3v4SI0N)"
}
],
"datePublic": "2023-09-06T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update."
}
],
"value": "Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T11:48:59.706Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insufficient verification of data authenticity vulnerability in Delinea Secret Server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4589",
"datePublished": "2023-09-06T11:48:59.706Z",
"dateReserved": "2023-08-29T07:44:09.417Z",
"dateUpdated": "2024-09-26T17:56:10.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4588 (GCVE-0-2023-4588)
Vulnerability from cvelistv5 – Published: 2023-09-06 11:43 – Updated: 2024-09-06 14:12
VLAI?
Summary
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text.
Severity ?
6.8 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delinea | Secret Server |
Affected:
v10.9.000002
Affected: v11.4.000002 |
Credits
Héctor de Armas Padrón (@3v4SI0N)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T14:07:06.809136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T14:12:59.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secret Server",
"vendor": "Delinea",
"versions": [
{
"status": "affected",
"version": "v10.9.000002"
},
{
"status": "affected",
"version": "v11.4.000002"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "H\u00e9ctor de Armas Padr\u00f3n (@3v4SI0N)"
}
],
"datePublic": "2023-09-06T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application\u0027s webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text."
}
],
"value": "File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application\u0027s webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text."
}
],
"impacts": [
{
"capecId": "CAPEC-150",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-150 Collect Data from Common Resource Locations"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T11:43:19.278Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "File accessibility vulnerability in Delinea Secret Server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4588",
"datePublished": "2023-09-06T11:43:19.278Z",
"dateReserved": "2023-08-29T07:44:07.813Z",
"dateUpdated": "2024-09-06T14:12:59.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6943 (GCVE-0-2025-6943)
Vulnerability from nvd – Published: 2025-07-02 15:45 – Updated: 2025-07-02 15:59
VLAI?
Summary
Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables.
Severity ?
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delinea | Secret Server |
Affected:
0 , ≤ 11.7
(custom)
|
Credits
NCIA researchers
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-02T15:59:37.052875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T15:59:43.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secret Server",
"vendor": "Delinea",
"versions": [
{
"lessThanOrEqual": "11.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "NCIA researchers"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSecret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-02T15:45:01.702Z",
"orgId": "1443cd92-d354-46d2-9290-d812316ca43a",
"shortName": "Delinea"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000060.htm"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000061.htm"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.delinea.com/online-help/secret-server-changelog/secret-server-change-log.htm?cshid=secret-server-changelog#Friday,_November_22,_2024"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://trust.delinea.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1443cd92-d354-46d2-9290-d812316ca43a",
"assignerShortName": "Delinea",
"cveId": "CVE-2025-6943",
"datePublished": "2025-07-02T15:45:01.702Z",
"dateReserved": "2025-06-30T22:28:29.744Z",
"dateUpdated": "2025-07-02T15:59:43.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12908 (GCVE-0-2024-12908)
Vulnerability from nvd – Published: 2024-12-26 15:45 – Updated: 2024-12-27 14:22
VLAI?
Summary
Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within the protocol handler function, URI's were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfully exploited, a remote attacker may be able to convince a user to visit a malicious web-page, or open a
malicious document which could trigger the vulnerable handler, allowing them to execute
arbitrary code on the user's machine. Delinea added additional validation that the downloaded installer's batch file was in the expected format.
Severity ?
6.9 (Medium)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delinea | Secret Server |
Affected:
11.7.31
|
Credits
David Cash and Richard Warren of Amber Wolf
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12908",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-27T14:22:42.484455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-27T14:22:58.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://blog.amberwolf.com/blog/2024/december/cve-2024-12908-delinea-protocol-handler---remote-code-execution-via-update-process/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Protocol Handler"
],
"product": "Secret Server",
"vendor": "Delinea",
"versions": [
{
"status": "affected",
"version": "11.7.31"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "David Cash and Richard Warren of Amber Wolf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Delinea a\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eddressed a reported case on Secret Server v11.7.31 (protocol handler version\u003c/span\u003e\u0026nbsp;6.0.3.26)\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;where, within the protocol handler function, URI\u0027s were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfully exploited, a\u0026nbsp;\u003c/span\u003eremote attacker may be able to convince a user to visit a malicious web-page, or open a\nmalicious document which could trigger the vulnerable handler, allowing them to execute\narbitrary code on the user\u0027s machine.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDelinea a\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edded additional validation that the downloaded installer\u0027s batch file was in the expected format.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version\u00a06.0.3.26)\u00a0where, within the protocol handler function, URI\u0027s were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfully exploited, a\u00a0remote attacker may be able to convince a user to visit a malicious web-page, or open a\nmalicious document which could trigger the vulnerable handler, allowing them to execute\narbitrary code on the user\u0027s machine.\u00a0Delinea added additional validation that the downloaded installer\u0027s batch file was in the expected format."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-26T15:45:39.592Z",
"orgId": "1443cd92-d354-46d2-9290-d812316ca43a",
"shortName": "Delinea"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000049.htm"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://trust.delinea.com/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://blog.amberwolf.com/blog/2024/december/cve-2024-12908-delinea-protocol-handler---remote-code-execution-via-update-process/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "1443cd92-d354-46d2-9290-d812316ca43a",
"assignerShortName": "Delinea",
"cveId": "CVE-2024-12908",
"datePublished": "2024-12-26T15:45:39.592Z",
"dateReserved": "2024-12-23T16:24:16.226Z",
"dateUpdated": "2024-12-27T14:22:58.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33891 (GCVE-0-2024-33891)
Vulnerability from nvd – Published: 2024-04-28 00:00 – Updated: 2025-02-12 14:59
VLAI?
Summary
Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delinea:secret_server:10.9.000002:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secret_server",
"vendor": "delinea",
"versions": [
{
"status": "affected",
"version": "11.7000001"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33891",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T14:59:26.788154Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T14:59:33.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/straightblast/My-PoC-Exploits/blob/master/CVE-2024-33891.py"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:42:59.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://delinea.com/products/secret-server"
},
{
"tags": [
"x_transferred"
],
"url": "https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3"
},
{
"tags": [
"x_transferred"
],
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000001.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-28T22:40:49.447Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://delinea.com/products/secret-server"
},
{
"url": "https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3"
},
{
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ss-rn-11-7-000001.htm"
},
{
"url": "https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-33891",
"datePublished": "2024-04-28T00:00:00.000Z",
"dateReserved": "2024-04-28T00:00:00.000Z",
"dateUpdated": "2025-02-12T14:59:33.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25650 (GCVE-0-2024-25650)
Vulnerability from nvd – Published: 2024-03-14 00:00 – Updated: 2024-11-21 15:24
VLAI?
Summary
Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application.
Severity ?
5.9 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25650"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25650",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T14:29:10.730223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T15:24:14.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-14T02:04:47.120519",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25650"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25650",
"datePublished": "2024-03-14T00:00:00",
"dateReserved": "2024-02-09T00:00:00",
"dateUpdated": "2024-11-21T15:24:14.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25649 (GCVE-0-2024-25649)
Vulnerability from nvd – Published: 2024-03-14 00:00 – Updated: 2024-08-27 18:37
VLAI?
Summary
In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies.
Severity ?
6.7 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25649"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delinea_pam:secret_server:11.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secret_server",
"vendor": "delinea_pam",
"versions": [
{
"status": "affected",
"version": "11.4"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25649",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-27T18:33:33.416842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-316",
"description": "CWE-316 Cleartext Storage of Sensitive Information in Memory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T18:37:01.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-14T02:15:59.546531",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25649"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25649",
"datePublished": "2024-03-14T00:00:00",
"dateReserved": "2024-02-09T00:00:00",
"dateUpdated": "2024-08-27T18:37:01.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25653 (GCVE-0-2024-25653)
Vulnerability from nvd – Published: 2024-03-14 00:00 – Updated: 2024-08-29 17:37
VLAI?
Summary
Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI.
Severity ?
4.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.886Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25653"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delinea_pam:secret_server:11.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secret_server",
"vendor": "delinea_pam",
"versions": [
{
"status": "affected",
"version": "11.4"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25653",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-14T14:45:11.488172Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T17:37:44.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-14T02:46:36.878428",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25653"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25653",
"datePublished": "2024-03-14T00:00:00",
"dateReserved": "2024-02-09T00:00:00",
"dateUpdated": "2024-08-29T17:37:44.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25652 (GCVE-0-2024-25652)
Vulnerability from nvd – Published: 2024-03-14 00:00 – Updated: 2025-05-20 14:46
VLAI?
Summary
In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality.
Severity ?
7.6 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delinea | Secret Server |
Affected:
11.4
|
Credits
Agenzia Per La Cybersicurezza Nazionale
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delinea_pam:secret_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secret_server",
"vendor": "delinea_pam",
"versions": [
{
"status": "affected",
"version": "11.4"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-14T15:37:14.867622Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T14:46:12.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secret Server",
"vendor": "Delinea",
"versions": [
{
"status": "affected",
"version": "11.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Agenzia Per La Cybersicurezza Nazionale"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Delinea PAM Secret Server 11.4, it is possible for a user assigned \"Administer Reports\" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality.\u003c/p\u003e"
}
],
"value": "In Delinea PAM Secret Server 11.4, it is possible for a user assigned \"Administer Reports\" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T20:21:52.748Z",
"orgId": "1443cd92-d354-46d2-9290-d812316ca43a",
"shortName": "Delinea"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652"
},
{
"tags": [
"release-notes"
],
"url": "https://docs.delinea.com/online-help/secret-server/release-notes/ssc-rn-2024-02-10.htm"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://trust.delinea.com/"
},
{
"tags": [
"product",
"related"
],
"url": "https://docs.delinea.com/online-help/secret-server/admin/unlimited-administration-mode/index.htm?Highlight=unlimited%20admin"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Follow \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://https://docs.delinea.com/online-help/secret-server/admin/unlimited-administration-mode/index.htm?Highlight=unlimited%20admin\"\u003eproduct hardening guidelines\u003c/a\u003e\u0026nbsp;(LINKED) for recommended use of unlimited admin mode, update to Secret Server Cloud versions 2024-02-10 or later.\u0026nbsp;"
}
],
"value": "Follow product hardening guidelines https://https://docs.delinea.com/online-help/secret-server/admin/unlimited-administration-mode/index.htm \u00a0(LINKED) for recommended use of unlimited admin mode, update to Secret Server Cloud versions 2024-02-10 or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25652",
"datePublished": "2024-03-14T00:00:00.000Z",
"dateReserved": "2024-02-09T00:00:00.000Z",
"dateUpdated": "2025-05-20T14:46:12.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25651 (GCVE-0-2024-25651)
Vulnerability from nvd – Published: 2024-03-14 00:00 – Updated: 2024-08-22 19:09
VLAI?
Summary
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint.
Severity ?
5.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25651"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:delinea_pam:secret_server:11.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secret_server",
"vendor": "delinea_pam",
"versions": [
{
"status": "affected",
"version": "11.4"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25651",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T18:58:24.436670Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T19:09:11.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-14T02:18:20.191439",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25651"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-25651",
"datePublished": "2024-03-14T00:00:00",
"dateReserved": "2024-02-09T00:00:00",
"dateUpdated": "2024-08-22T19:09:11.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4589 (GCVE-0-2023-4589)
Vulnerability from nvd – Published: 2023-09-06 11:48 – Updated: 2024-09-26 17:56
VLAI?
Summary
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update.
Severity ?
9.1 (Critical)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delinea | Secret Server |
Affected:
v10.9.000002
|
Credits
Héctor de Armas Padrón (@3v4SI0N)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4589",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T17:55:50.932986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T17:56:10.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secret Server",
"vendor": "Delinea",
"versions": [
{
"status": "affected",
"version": "v10.9.000002"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "H\u00e9ctor de Armas Padr\u00f3n (@3v4SI0N)"
}
],
"datePublic": "2023-09-06T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update."
}
],
"value": "Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T11:48:59.706Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Insufficient verification of data authenticity vulnerability in Delinea Secret Server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4589",
"datePublished": "2023-09-06T11:48:59.706Z",
"dateReserved": "2023-08-29T07:44:09.417Z",
"dateUpdated": "2024-09-26T17:56:10.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4588 (GCVE-0-2023-4588)
Vulnerability from nvd – Published: 2023-09-06 11:43 – Updated: 2024-09-06 14:12
VLAI?
Summary
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text.
Severity ?
6.8 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Delinea | Secret Server |
Affected:
v10.9.000002
Affected: v11.4.000002 |
Credits
Héctor de Armas Padrón (@3v4SI0N)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4588",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-06T14:07:06.809136Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T14:12:59.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secret Server",
"vendor": "Delinea",
"versions": [
{
"status": "affected",
"version": "v10.9.000002"
},
{
"status": "affected",
"version": "v11.4.000002"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "H\u00e9ctor de Armas Padr\u00f3n (@3v4SI0N)"
}
],
"datePublic": "2023-09-06T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application\u0027s webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text."
}
],
"value": "File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application\u0027s webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text."
}
],
"impacts": [
{
"capecId": "CAPEC-150",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-150 Collect Data from Common Resource Locations"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T11:43:19.278Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "File accessibility vulnerability in Delinea Secret Server",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2023-4588",
"datePublished": "2023-09-06T11:43:19.278Z",
"dateReserved": "2023-08-29T07:44:07.813Z",
"dateUpdated": "2024-09-06T14:12:59.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}