Thycotic

thycotic

9 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Password Reset Server

password_reset_server

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-41845 1Thycotic 1Secret Server Nov 21, 2024 Oct 1, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032 through 11.0.000006.
CVE-2021-34679 1Thycotic 1Password Reset Server Nov 21, 2024 Jun 11, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Thycotic Password Reset Server before 5.3.0 allows credential disclosure.
CVE-2019-18357 1Thycotic 1Secret Server Nov 21, 2024 Oct 23, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2).
CVE-2019-18356 1Thycotic 1Secret Server Nov 21, 2024 Oct 23, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2).
CVE-2019-18355 1Thycotic 1Secret Server Nov 21, 2024 Oct 23, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.
CVE-2014-4861 1Thycotic 1Secret Server Nov 21, 2024 Mar 9, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended.
CVE-2017-11725 1Thycotic 1Secret Server May 13, 2026 Jul 29, 2017 N/A· v4 5.4 MEDIUM· v3 5.8 MEDIUM· v2 The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections.
CVE-2015-3443 1Thycotic 1Secret Server May 6, 2026 Jul 2, 2015 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password...Show more Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask.Show less
CVE-2015-4094 1Thycotic 1Secret Server May 6, 2026 Jun 2, 2015 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information...Show more The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.Show less