Unauthorized Access to Remote Sessions Possible in Delinea PAM Secret Server 11.4
CVE-2024-25652
7.6 HIGH
What is CVE-2024-25652?
In Delinea PAM Secret Server version 11.4, an integrity vulnerability allows users who have access to the Report functionality to gain unauthorized access to remote sessions. This security flaw enables unauthorized users to potentially view or interact with remote sessions initiated by legitimate users, posing risks of data leakage and compromising secure operations. Organizations should take immediate steps to mitigate this vulnerability and ensure that access controls are correctly configured.
Affected Version(s)
Secret Server 11.4
