thycotic secret_server の CVE（8 件）

CVE 件数: 8 CPE versions: View versions table

概要

本ページは thycotic secret_server に影響する公開済み CVE（NVD の CPE 経由で関連付け）を列挙します。各行に深刻度指標・概要・公開日が含まれます。

CVE	概要	ソース	CVSS 最大値	EPSS（%）	公開	更新
CVE-2021-41845	A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006.	[email protected]	6.5	0.66%	2021-10-01	2024-11-21
CVE-2019-18357	An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2).	[email protected]	6.1	0.78%	2019-10-23	2024-11-21
CVE-2019-18356	An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2).	[email protected]	6.1	0.79%	2019-10-23	2024-11-21
CVE-2019-18355	An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.	[email protected]	9.8	1.51%	2019-10-23	2024-11-21
CVE-2014-4861	The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended.	[email protected]	9.8	1.19%	2018-03-09	2024-11-21
CVE-2017-11725	The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections.	[email protected]	5.4	0.57%	2017-07-29	2026-05-13
CVE-2015-3443	Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask.	[email protected]	3.5	2.02%	2015-07-02	2026-05-06
CVE-2015-4094	The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.	[email protected]	5.8	0.59%	2015-06-02	2026-05-06

cvelogic Threat Intelligence