Secret Server
by Thycotic
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-4861 | Cri | 0.64 | 9.8 | 0.01 | Mar 9, 2018 | The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended. | ||
| CVE-2017-11725 | Med | 0.35 | 5.4 | 0.01 | Jul 29, 2017 | The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. | ||
| CVE-2015-3443 | 0.03 | — | 0.02 | Jul 2, 2015 | Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the… | |||
| CVE-2021-41845 | 0.00 | — | 0.01 | Oct 1, 2021 | A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006. | |||
| CVE-2019-18357 | 0.00 | — | 0.01 | Oct 23, 2019 | An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2). | |||
| CVE-2019-18356 | 0.00 | — | 0.01 | Oct 23, 2019 | An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2). | |||
| CVE-2019-18355 | 0.00 | — | 0.02 | Oct 23, 2019 | An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. | |||
| CVE-2015-4094 | 0.00 | — | 0.01 | Jun 2, 2015 | The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
- risk 0.64cvss 9.8epss 0.01
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended.
- risk 0.35cvss 5.4epss 0.01
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections.
- CVE-2015-3443Jul 2, 2015risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the…
- CVE-2021-41845Oct 1, 2021risk 0.00cvss —epss 0.01
A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006.
- CVE-2019-18357Oct 23, 2019risk 0.00cvss —epss 0.01
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2).
- CVE-2019-18356Oct 23, 2019risk 0.00cvss —epss 0.01
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2).
- CVE-2019-18355Oct 23, 2019risk 0.00cvss —epss 0.02
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.
- CVE-2015-4094Jun 2, 2015risk 0.00cvss —epss 0.01
The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.