VYPR
Vendor: Delinea

Products: 4
CVEs: 17
Across products: 18
Status: Private

Recent CVEs (17)

  • CVE-2026-2409 · Cri · Feb 19, 2026
    risk 0.60 · cvss · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delinea Cloud Suite allows Argument Injection. This issue affects Cloud Suite: before 25.2 HF1.

  • CVE-2023-4589 · Cri · Sep 6, 2023
    risk 0.59 · cvss 9.1 · epss 0.00

    Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process…

  • CVE-2025-12811 · Med · Feb 18, 2026
    risk 0.45 · cvss · epss 0.00

    Improper Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in Delinea Inc. Cloud Suite and Privileged Access Service. If you're not using the latest Server Suite agents, this fix requires that you upgrade to Server Suite 2023.1 (agent 6.0.1) or later. * …

  • CVE-2023-4588 · Med · Sep 6, 2023
    risk 0.44 · cvss 6.8 · epss 0.00

    File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing…

  • CVE-2025-12812 · Med · Feb 18, 2026
    risk 0.34 · cvss · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Delinea Inc. Cloud Suite and Privileged Access Service. Remediation: This issue is fixed in Cloud Suite: 25.1

  • CVE-2025-6942 · Low · Jul 2, 2025
    risk 0.25 · cvss 3.8 · epss 0.00

    The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine.

  • CVE-2025-12810 · Jan 27, 2026
    risk 0.00 · cvss · epss 0.00

    Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules). This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secret with "change password on check in" enabled automatically checks in even when the password…

  • CVE-2025-6943 · Jul 2, 2025
    risk 0.00 · cvss · epss 0.00

    Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables.

  • CVE-2024-12908 · Dec 26, 2024
    risk 0.00 · cvss · epss 0.01

    Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within the protocol handler function, URIs were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this…

  • CVE-2024-5866 · Jul 2, 2024
    risk 0.00 · cvss · epss 0.00

    Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch.

  • CVE-2024-5865 · Jul 2, 2024
    risk 0.00 · cvss · epss 0.00

    Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch.

  • CVE-2024-33891 · Apr 28, 2024
    risk 0.00 · cvss · epss 0.01

    Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the integer 2 for the Admin user, and removal of the oauthExpirationId attribute.

  • CVE-2024-25653 · Mar 14, 2024
    risk 0.00 · cvss · epss 0.00

    Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI.

  • CVE-2024-25652 · Mar 14, 2024
    risk 0.00 · cvss · epss 0.01

    In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by…

  • CVE-2024-25649 · Mar 14, 2024
    risk 0.00 · cvss · epss 0.00

    In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption…

  • CVE-2024-25651 · Mar 14, 2024
    risk 0.00 · cvss · epss 0.00

    User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint.

  • CVE-2024-25650 · Mar 14, 2024
    risk 0.00 · cvss · epss 0.00

    Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST…