8.4

CVE-2024-25652

In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality.
Data provided by the National Vulnerability Database (NVD)
Delinea | Secret Server | Version 11.4.000000 | SwEdition on-premises
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.59% | 0.435
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 8.4 | 1.7 | 6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
1443cd92-d354-46d2-9290-d812316ca43a | 7.6 | 1 | 6 | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652
Third Party Advisory
https://trust.delinea.com/
Vendor Advisory
https://docs.delinea.com/online-help/secret-server/admin/unlimited-administration-mode/index.htm?Highlight=unlimited%20admin
Broken Link
https://docs.delinea.com/online-help/secret-server/release-notes/ssc-rn-2024-02-10.htm
Release Notes