Описание
In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:delinea:secret_server:11.4.000000:*:*:*:on-premises:*:*:*
EPSS
Процентиль: 1%
0.0001
Низкий
6.7 Medium
CVSS3
Дефекты
CWE-316
Связанные уязвимости
CVSS3: 6.7
github
почти 2 года назад
In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies.
EPSS
Процентиль: 1%
0.0001
Низкий
6.7 Medium
CVSS3
Дефекты
CWE-316