CVE-2024-25652

Опубликовано: 14 мар. 2024

Источник: nvd

CVSS3: 7.6

CVSS3: 8.4

EPSS Низкий

Описание

In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality.

Ссылки

https://docs.delinea.com/online-help/secret-server/admin/unlimited-administration-mode/index.htm?Highlight=unlimited%20admin
Broken Link
https://docs.delinea.com/online-help/secret-server/release-notes/ssc-rn-2024-02-10.htm
Release Notes
https://trust.delinea.com/
Vendor Advisory
https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652
Third Party Advisory
https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:delinea:secret_server:11.4.000000:*:*:*:on-premises:*:*:*

EPSS

Процентиль: 45%

0.00227

Низкий

7.6 High

CVSS3

8.4 High

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-c472-r2q4-4qpm

CVSS3: 9.8

github

почти 2 года назад

In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users.

EPSS

Процентиль: 45%

0.00227

Низкий

7.6 High

CVSS3

8.4 High

CVSS3

Дефекты

CWE-287