MEDIUM🇬🇧 English

CVE-2024-25653

CVSS 4.3v3.1pub. 2024-03-14upd. 2025-10-14

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • Delinea Secret Server

    APP
    Delinea
    11.4.000000
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-4589CRITICAL9.1ten sam produkt

Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 ver...

CVE-2024-33891HIGH8.8ten sam produkt

Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretS...

CVE-2024-25652HIGH7.6ten sam produkt

In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or w...

CVE-2025-12810MEDIUM5.3ten sam produkt

Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).Th...

CVE-2024-12908MEDIUM6.9ten sam produkt

Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within ...