Delinea Secret_server
11 CVEs affecting Delinea Secret_server. Latest disclosed: 2026-01-27. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-4589 | Critical | 9.1 | 2023-09-06 | Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account c… |
| CVE-2024-33891 | High | 8.8 | 2024-04-28 | Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is rela… |
| CVE-2024-25652 | High | 7.6 | 2024-03-14 | In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED… |
| CVE-2024-12908 | Medium | 6.9 | 2024-12-26 | Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within the protocol handler function, URI's were compare… |
| CVE-2023-4588 | Medium | 6.8 | 2023-09-06 | File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an aut… |
| CVE-2024-25649 | Medium | 6.7 | 2024-03-14 | In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a me… |
| CVE-2025-12810 | Medium | 6.5 | 2026-01-27 | Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules). This issue affects Secret Server On-Prem: 11.8.1, 1… |
| CVE-2024-25650 | Medium | 5.9 | 2024-03-14 | Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to e… |
| CVE-2024-25651 | Medium | 5.3 | 2024-03-14 | User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid… |
| CVE-2024-25653 | Medium | 4.3 | 2024-03-14 | Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view sy… |
| CVE-2025-6943 | Low | 3.8 | 2025-07-02 | Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables. |