VYPR
Vendor: Thycotic

Products: 2
CVEs: 9
Across products: 9
Status: Private

Recent CVEs (9)

  • CVE-2014-4861 | Critical | Mar 9, 2018
    risk 0.64 | cvss 9.8 | epss 0.01

    The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly clean up a temporary file that contains an encrypted password once a session has ended.

  • CVE-2017-11725 | Medium | Jul 29, 2017
    risk 0.35 | cvss 5.4 | epss 0.01

    The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections.

  • CVE-2015-3443 | Jul 2, 2015
    risk 0.03 | cvss n/a | epss 0.02

    Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the…

  • CVE-2021-41845 | Oct 1, 2021
    risk 0.00 | cvss n/a | epss 0.01

    A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006.

  • CVE-2021-34679 | Jun 11, 2021
    risk 0.00 | cvss n/a | epss 0.01

    Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

  • CVE-2019-18357 | Oct 23, 2019
    risk 0.00 | cvss n/a | epss 0.01

    An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2).

  • CVE-2019-18356 | Oct 23, 2019
    risk 0.00 | cvss n/a | epss 0.01

    An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2).

  • CVE-2019-18355 | Oct 23, 2019
    risk 0.00 | cvss n/a | epss 0.02

    An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.

  • CVE-2015-4094 | Jun 2, 2015
    risk 0.00 | cvss n/a | epss 0.01

    The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.