CVE-2024-25652

Sažetak

In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality.

Reference

https://docs.delinea.com/online-help/secret-server/admin/unlimited-administration-mode/index.htm?Highlight=unlimited%20admin
https://docs.delinea.com/online-help/secret-server/release-notes/ssc-rn-2024-02-10.htm
https://trust.delinea.com/
https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652
https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652
https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652

CVSS

Base:	7.6
Impact:	6.0
Exploitability:	1.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Zadnje važnije ažuriranje

20-05-2025 - 15:16

Objavljeno

14-03-2024 - 03:15