CVE-2024-25652
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
14/03/2024
Last modified:
10/10/2025
Description
In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality.
Impact
Base Score 3.x
7.60
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:delinea:secret_server:11.4.000000:*:*:*:on-premises:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://docs.delinea.com/online-help/secret-server/admin/unlimited-administration-mode/index.htm?Highlight=unlimited%20admin
- https://docs.delinea.com/online-help/secret-server/release-notes/ssc-rn-2024-02-10.htm
- https://trust.delinea.com/
- https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652
- https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652
- https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652