Delinea Secret Server

19 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-12810
all versions
Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules). This issue affects Sec
6.5 MEDIUM
CVE-2025-6943
< 11.7.000060
Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain a
3.8 LOW
CVE-2024-12908
< 11.9.000006
Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within the protocol handl
6.9 MEDIUM
CVE-2024-33891
< 11.7.000001
Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SS
8.8 HIGH
CVE-2024-25653
all versions
Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admi
4.3 MEDIUM
CVE-2024-25652
all versions
In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report
7.6 HIGH
CVE-2024-25651
all versions
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to dete
5.3 MEDIUM
CVE-2024-25649
all versions
In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read
6.7 MEDIUM
CVE-2024-25650
all versions
Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain
5.9 MEDIUM
CVE-2023-4589
all versions
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker wi
9.1 CRITICAL
CVE-2023-4588
all versions
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vul
6.8 MEDIUM
CVE-2021-41845
>= 10.9.000032 and < 11.0.000007
A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000
6.5 MEDIUM
CVE-2019-18357
< 10.7.000000
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2).
6.1 MEDIUM
CVE-2019-18356
< 10.7.000000
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2).
6.1 MEDIUM
CVE-2019-18355
< 10.7.000000
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.
9.8 CRITICAL
CVE-2014-4861
>= 7.5.000000 and <= 8.6.000009
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly clean up a temporary file that contains a
9.8 CRITICAL
CVE-2017-11725
<= 10.2.000018
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections.
5.4 MEDIUM
CVE-2015-3443
all versions
Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.00000
CVE-2015-4094
<= 2.3
The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, w
threatengine.sh