3.8
CVE-2025-6942
- EPSS 0.01%
- Published 02.07.2025 15:49:16
- Last modified 03.07.2025 15:13:53
- Source 1443cd92-d354-46d2-9290-d81231
The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine.
Linked by AI from unstructured data to existing NVD CPEs.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
- Vendor: Delinea
- Product: Secret Server
- Default status: affected

| Version <= | Version | Status |
|---|---|---|
| 11.7.49 | 0 | affected |
| 8.4.39.0 | 0 | affected |

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.021 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 1443cd92-d354-46d2-9290-d812316ca43a | 3.8 | 0.3 | 3.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L |

CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.