Vulnerabilities (CVE)

Filtered by vendor Delinea
Filtered by product Secret Server
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4589 1 Delinea 1 Secret Server 2024-11-21 N/A 9.1 CRITICAL
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, version v10.9.000002. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. The update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update.
CVE-2023-4588 1 Delinea 1 Secret Server 2024-11-21 N/A 6.8 MEDIUM
File accessibility vulnerability in Delinea Secret Server, versions v10.9.000002 and v11.4.000002. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to change the default backup directory to the wwwroot folder, create a backup file in the application's webroot directory, and download it along with configuration files such as encryption.config and database.config stored in the wwwroot directory, exposing the database credentials in plain text.