汇总 thycotic 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 跨站脚本、SQL 注入与SSRF 相关,可能在 软件部署与生产负载 场景中带来 会话劫持与数据泄露 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2021-41845 | A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006. | [email protected] | 6.5 | 0.66% | 2021-10-01 | 2026-06-17 |
| CVE-2021-34679 | Thycotic Password Reset Server before 5.3.0 allows credential disclosure. | [email protected] | 10.0 | 1.02% | 2021-06-11 | 2026-06-16 |
| CVE-2019-18357 | An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2). | [email protected] | 6.1 | 0.78% | 2019-10-23 | 2026-06-16 |
| CVE-2019-18356 | An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2). | [email protected] | 6.1 | 0.79% | 2019-10-23 | 2026-06-16 |
| CVE-2019-18355 | An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. | [email protected] | 9.8 | 1.51% | 2019-10-23 | 2026-06-16 |
| CVE-2014-4861 | The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended. | [email protected] | 9.8 | 1.19% | 2018-03-09 | 2026-06-16 |
| CVE-2017-11725 | The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. | [email protected] | 5.4 | 0.57% | 2017-07-29 | 2026-06-16 |
| CVE-2015-3443 | Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask. | [email protected] | 3.5 | 2.02% | 2015-07-02 | 2026-06-16 |
| CVE-2015-4094 | The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | [email protected] | 5.8 | 0.59% | 2015-06-02 | 2026-06-16 |