8.4

CVE-2024-25652

EPSS 0.23%
Veröffentlicht 14.03.2024 03:15:08
Zuletzt bearbeitet 10.10.2025 16:18:40
Quelle 1443cd92-d354-46d2-9290-d81231
CVE-Watchlists
Login
Unerledigt
Login

In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Delinea ≫ Secret Server Version11.4.000000 SwEditionon-premises

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.454

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.4	1.7	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1443cd92-d354-46d2-9290-d812316ca43a	7.6	1	6	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652

Third Party Advisory

https://trust.delinea.com/

Vendor Advisory

https://docs.delinea.com/online-help/secret-server/admin/unlimited-administration-mode/index.htm?Highlight=unlimited%20admin

Broken Link

https://docs.delinea.com/online-help/secret-server/release-notes/ssc-rn-2024-02-10.htm

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2024-25652

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-25652

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-25652

EUVD