Secret Server
Sign in to watchby Thycotic
CVEs (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-11725 | Med | 0.35 | 5.4 | 0.00 | Jul 29, 2017 | The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. | |
| CVE-2015-3443 | 0.03 | — | 0.02 | Jul 2, 2015 | Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask. | ||
| CVE-2015-4094 | 0.00 | — | 0.00 | Jun 2, 2015 | The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |