Every CVE whose affected-product data names Delinea Secret Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2023-4589 — CVSS 9.1 (critical): Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an…
CVE-2024-33891 — CVSS 8.8 (high): Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService…
CVE-2024-25652 — CVSS 7.6 (high): In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report…
CVE-2024-12908 — CVSS 6.9 (medium): Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within the protocol handler…
CVE-2023-4588 — CVSS 6.8 (medium): File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this…
CVE-2024-25649 — CVSS 6.7 (medium): In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the…
CVE-2025-12810 — CVSS 6.5 (medium): Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret…
CVE-2024-25650 — CVSS 5.9 (medium): Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the…
CVE-2024-25651 — CVSS 5.3 (medium): User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine…
CVE-2024-25653 — CVSS 4.3 (medium): Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is…
CVE-2025-6943 — CVSS 3.8 (low): Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to…