thycotic 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting、vendor risk sql injection, and vendor risk ssrf に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で vendor impact session compromise and vendor impact data exposure などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2021-41845 | A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006. | [email protected] | 6.5 | 0.66% | 2021-10-01 | 2024-11-21 |
| CVE-2021-34679 | Thycotic Password Reset Server before 5.3.0 allows credential disclosure. | [email protected] | 10.0 | 1.02% | 2021-06-11 | 2024-11-21 |
| CVE-2019-18357 | An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2). | [email protected] | 6.1 | 0.78% | 2019-10-23 | 2024-11-21 |
| CVE-2019-18356 | An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2). | [email protected] | 6.1 | 0.79% | 2019-10-23 | 2024-11-21 |
| CVE-2019-18355 | An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. | [email protected] | 9.8 | 1.51% | 2019-10-23 | 2024-11-21 |
| CVE-2014-4861 | The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended. | [email protected] | 9.8 | 1.19% | 2018-03-09 | 2024-11-21 |
| CVE-2017-11725 | The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. | [email protected] | 5.4 | 0.57% | 2017-07-29 | 2026-05-13 |
| CVE-2015-3443 | Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask. | [email protected] | 3.5 | 2.02% | 2015-07-02 | 2026-05-06 |
| CVE-2015-4094 | The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | [email protected] | 5.8 | 0.59% | 2015-06-02 | 2026-05-06 |