Delinea Secret_server

11 CVEs affecting Delinea Secret_server. Latest disclosed: 2026-01-27. Critical: 1, High: 2.

Top CVEs affecting Delinea Secret_server
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-4589 | Critical | 9.1 | 2023-09-06 | Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account c… |
| CVE-2024-33891 | High | 8.8 | 2024-04-28 | Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is rela… |
| CVE-2024-25652 | High | 7.6 | 2024-03-14 | In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED… |
| CVE-2024-12908 | Medium | 6.9 | 2024-12-26 | Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within the protocol handler function, URI's were compare… |
| CVE-2023-4588 | Medium | 6.8 | 2023-09-06 | File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an aut… |
| CVE-2024-25649 | Medium | 6.7 | 2024-03-14 | In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a me… |
| CVE-2025-12810 | Medium | 6.5 | 2026-01-27 | Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules). This issue affects Secret Server On-Prem: 11.8.1, 1… |
| CVE-2024-25650 | Medium | 5.9 | 2024-03-14 | Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to e… |
| CVE-2024-25651 | Medium | 5.3 | 2024-03-14 | User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid… |
| CVE-2024-25653 | Medium | 4.3 | 2024-03-14 | Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view sy… |
| CVE-2025-6943 | Low | 3.8 | 2025-07-02 | Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables. |