Thycotic Secret Server vulnerabilities
8 known vulnerabilities affecting thycotic/secret_server.
Total CVEs: 8
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 5, LOW 1
Vulnerabilities
CVE-2019-18355 (P3, CRITICAL, CVSS 9.8, CWE-918) - fixed in 10.7.000000 - 2019-10-23
  An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.
  Source: nvd
CVE-2014-4861 (P3, CRITICAL, CVSS 9.8, CWE-255) - affected >= 7.5.000000, <= 8.6.000009 - 2018-03-09
  The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly clean up a temporary file that contains an encrypted password once a session has ended.
  Source: nvd
CVE-2015-3443 (P4, LOW, CVSS 3.5, CWE-79, PoC available) - affected v8.6.000000, v8.6.000009, +5 more - 2015-07-02
  Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask.
  Source: nvd
CVE-2021-41845 (P3, MEDIUM, CVSS 6.5, CWE-89) - affected >= 10.9.000032, < 11.0.000007 - 2021-10-01
  A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006.
  Source: nvd
CVE-2019-18356 (P4, MEDIUM, CVSS 6.1, CWE-79) - fixed in 10.7.000000 - 2019-10-23
  An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2).
  Source: nvd
CVE-2019-18357 (P4, MEDIUM, CVSS 6.1, CWE-79) - fixed in 10.7.000000 - 2019-10-23
  An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2).
  Source: nvd
CVE-2017-11725 (P4, MEDIUM, CVSS 5.4, CWE-601) - affected <= 10.2.000018 - 2017-07-29
  The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections.
  Source: nvd
CVE-2015-4094 (P4, MEDIUM, CVSS 5.8, CWE-295) - affected <= 2.3 - 2015-06-02
  The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
  Source: nvd