彙總 thycotic 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 跨站腳本、SQL 注入與SSRF 相關,可能在 軟體部署與生產負載 場景中帶來 工作階段劫持與資料外洩 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2021-41845 | A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006. | [email protected] | 6.5 | 0.22% | 2021-10-01 | 2024-11-21 |
| CVE-2021-34679 | Thycotic Password Reset Server before 5.3.0 allows credential disclosure. | [email protected] | 10.0 | 0.24% | 2021-06-11 | 2024-11-21 |
| CVE-2019-18357 | An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2). | [email protected] | 6.1 | 0.31% | 2019-10-23 | 2024-11-21 |
| CVE-2019-18356 | An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2). | [email protected] | 6.1 | 0.31% | 2019-10-23 | 2024-11-21 |
| CVE-2019-18355 | An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. | [email protected] | 9.8 | 0.42% | 2019-10-23 | 2024-11-21 |
| CVE-2014-4861 | The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended. | [email protected] | 9.8 | 0.50% | 2018-03-09 | 2024-11-21 |
| CVE-2017-11725 | The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. | [email protected] | 5.4 | 0.16% | 2017-07-29 | 2026-05-13 |
| CVE-2015-3443 | Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask. | [email protected] | 3.5 | 1.52% | 2015-07-02 | 2026-05-06 |
| CVE-2015-4094 | The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | [email protected] | 5.8 | 0.08% | 2015-06-02 | 2026-05-06 |