Thycotic Secret Server — known CVE vulnerabilities
Every CVE whose affected-product data names Thycotic Secret Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2014-4861 — CVSS 9.8 (critical): The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an…
CVE-2021-41845 — CVSS 6.5 (medium): A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. The only affected versions are 10.9.000032…
CVE-2015-4094 — CVSS 5.8 (medium): The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which…
CVE-2017-11725 — CVSS 5.4 (medium): The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections.
CVE-2015-3443 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows…