CVE-2025-12810
- EPSS 0.03%
- Published 27.01.2026 19:46:04
- Last modified 06.02.2026 18:26:20
Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules). This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secret with "change password on check in" enabled automatically checks i...
CVE-2025-6942
- EPSS 0.01%
- Published 02.07.2025 15:49:16
- Last modified 03.07.2025 15:13:53
The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine.
- EPSS 0.02%
- Published 02.07.2025 15:45:01
- Last modified 10.10.2025 15:31:36
Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables.
CVE-2024-12908
- EPSS 0.24%
- Published 26.12.2024 16:15:06
- Last modified 15.10.2025 17:08:20
Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within the protocol handler function, URIs were compared before normalization and canonicalization, potentially leading to over-matching against t...
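The bug class behind CVE-2024-12908 (comparing a URI against an allow-list before it has been normalized) is easy to reproduce in isolation. The following is an added example and not Delinea's protocol handler code; the allow-list prefix, host names and paths are constructed for illustration. `matches_prefix_naive` compares the raw string and therefore accepts a URI whose canonical target lies outside the allowed prefix, while `matches_prefix_canonical` canonicalizes both sides first (lower-cased scheme and host, default port stripped, percent-encoding decoded, dot-segments collapsed) and compares only then.

```python
import posixpath
from urllib.parse import unquote, urlsplit, urlunsplit

# Default ports to strip so that "https://h:443/x" and "https://h/x" compare equal.
DEFAULT_PORTS = {"http": 80, "https": 443, "ssh": 22, "rdp": 3389}


def canonicalize(uri: str) -> str:
    """Return a canonical spelling of `uri` so that two spellings of the same
    resource compare equal: lower-case scheme and host, drop the default port,
    percent-decode the path, collapse "." and ".." segments, drop the fragment."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port
    if port is None or DEFAULT_PORTS.get(scheme) == port:
        netloc = host
    else:
        netloc = f"{host}:{port}"
    raw_path = parts.path or "/"
    # Decode first, then normalize: "%2e%2e" must be treated as ".." as well.
    path = posixpath.normpath(unquote(raw_path))
    if raw_path.endswith("/") and not path.endswith("/"):
        path += "/"
    return urlunsplit((scheme, netloc, path, parts.query, ""))


def matches_prefix_naive(uri: str, allowed_prefix: str) -> bool:
    """Buggy check: compares the raw string before canonicalization, so
    "/launch/../admin/" still 'matches' the "/launch/" prefix."""
    return uri.startswith(allowed_prefix)


def matches_prefix_canonical(uri: str, allowed_prefix: str) -> bool:
    """Fixed check: canonicalize both sides, then compare. The allowed prefix
    must end in "/" so that "/launchpad/" cannot match a "/launch" prefix."""
    return canonicalize(uri).startswith(canonicalize(allowed_prefix))


if __name__ == "__main__":
    allowed = "https://vault.example/launch/"   # constructed allow-list entry
    for uri in (
        "https://vault.example/launch/../admin/",       # dot-segment escape
        "https://vault.example/launch/%2e%2e/admin/",   # encoded dot-segments
        "HTTPS://Vault.Example:443/launch/%73ession",   # same target, different spelling
    ):
        print(f"{uri}\n  naive={matches_prefix_naive(uri, allowed)} "
              f"canonical={matches_prefix_canonical(uri, allowed)} "
              f"-> {canonicalize(uri)}")
```

The first two inputs show the over-match: the raw string starts with the allowed prefix, but after canonicalization the target is `/admin/`. The third shows the opposite failure of a raw comparison (a legitimate URI rejected because of case, an explicit default port and percent-encoding), which is why the fix is to canonicalize and then compare rather than to add more string checks.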
CVE-2024-33891
- EPSS 0.63%
- Published 28.04.2024 23:15:07
- Last modified 28.10.2025 18:50:31
Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oau...
CVE-2024-25653
- EPSS 0.07%
- Published 14.03.2024 03:15:09
- Last modified 14.10.2025 17:21:48
Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI.
CVE-2024-25649
- EPSS 0.01%
- Published 14.03.2024 03:15:08
- Last modified 13.11.2025 15:32:07
In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication i...
CVE-2024-25651
- EPSS 0.29%
- Published 14.03.2024 03:15:08
- Last modified 14.10.2025 17:25:40
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint.
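Whether a login endpoint leaks account existence can be checked by comparing the failure response for a non-existent user with the failure response for a real user and a wrong password. The following is an added example and not Secret Server code; the response bodies, user store and the `/oauth2/token`-style endpoint are constructed for illustration. `enumeration_signals` reports each channel (status code, body after masking per-request fields, timing) through which the two failures differ; `token_endpoint` shows the hardened pattern, a single uniform error for both cases and equal password-hashing work for unknown users so that timing does not leak either.

```python
import hashlib
import hmac
import os
import re
import time
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    body: str
    elapsed_ms: float = 0.0


# Fields that legitimately change between requests; masked before comparing,
# otherwise every pair of responses would look different.
VOLATILE = re.compile(r'"(request_id|timestamp)":\s*"[^"]*"')


def normalize_body(body: str) -> str:
    return VOLATILE.sub(r'"\1":"<masked>"', body)


def enumeration_signals(unknown_user: Response, wrong_password: Response,
                        timing_threshold_ms: float = 100.0) -> list:
    """Channels through which a failed login for a non-existent account differs
    from a failed login for a real account. A non-empty list means an
    unauthenticated client can tell valid usernames from invalid ones."""
    signals = []
    if unknown_user.status != wrong_password.status:
        signals.append("status")
    if normalize_body(unknown_user.body) != normalize_body(wrong_password.body):
        signals.append("body")
    if abs(unknown_user.elapsed_ms - wrong_password.elapsed_ms) > timing_threshold_ms:
        signals.append("timing")
    return signals


# Constructed responses of a leaky token endpoint (illustration only): the
# status and the message depend on whether the account exists.
LEAKY_UNKNOWN_USER = Response(
    404, '{"error":"invalid_grant","error_description":"User not found","request_id":"a1"}')
LEAKY_WRONG_PASSWORD = Response(
    401, '{"error":"invalid_grant","error_description":"Incorrect password","request_id":"b2"}')


# --- hardened endpoint (constructed) -----------------------------------------
ITERATIONS = 20_000


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}   # constructed user store
# A random credential that can never match, so an unknown username costs the
# same hashing work as a real one.
_DUMMY = (os.urandom(16), os.urandom(32))
UNIFORM_FAILURE_BODY = ('{"error":"invalid_grant",'
                        '"error_description":"The user name or password is incorrect"}')


def token_endpoint(username: str, password: str) -> Response:
    """Password grant that returns the same failure whether the user exists or not."""
    salt, stored = USERS.get(username, _DUMMY)
    if hmac.compare_digest(_hash(password, salt), stored):
        return Response(200, '{"access_token":"<token>","token_type":"bearer"}')
    return Response(400, UNIFORM_FAILURE_BODY)


def timed(username: str, password: str) -> Response:
    t0 = time.perf_counter()
    resp = token_endpoint(username, password)
    resp.elapsed_ms = (time.perf_counter() - t0) * 1000
    return resp


if __name__ == "__main__":
    print("leaky:   ", enumeration_signals(LEAKY_UNKNOWN_USER, LEAKY_WRONG_PASSWORD))
    print("hardened:", enumeration_signals(timed("nobody", "x"), timed("alice", "x")))
```

Against a live system the same comparison is run with real captured responses; the masking list then has to be extended with whatever per-request values the endpoint emits (nonces, dates, correlation ids), and the timing threshold should be derived from several samples rather than a single pair.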
CVE-2024-25652
- EPSS 0.23%
- Published 14.03.2024 03:15:08
- Last modified 10.10.2025 16:18:40
In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote ...
CVE-2024-25650
- EPSS 0.04%
- Published 14.03.2024 02:15:50
- Last modified 10.10.2025 16:18:55
Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and...