Vulnerabilities > Thycotic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-01 | CVE-2021-41845 | SQL Injection vulnerability in Thycotic Secret Server 10.9.000032 A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. | 4.0 |
| 2021-06-11 | CVE-2021-34679 | Information Exposure vulnerability in Thycotic Password Reset Server Thycotic Password Reset Server before 5.3.0 allows credential disclosure. | 5.0 |
| 2019-10-23 | CVE-2019-18357 | Cross-site Scripting vulnerability in Thycotic Secret Server An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2). | 4.3 |
| 2019-10-23 | CVE-2019-18356 | Cross-site Scripting vulnerability in Thycotic Secret Server An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2). | 4.3 |
| 2019-10-23 | CVE-2019-18355 | Server-Side Request Forgery (SSRF) vulnerability in Thycotic Secret Server An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7. | 7.5 |
| 2018-03-09 | CVE-2014-4861 | Credentials Management vulnerability in Thycotic Secret Server 8.6.000000/8.6.000009 The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended. | 7.5 |
| 2017-07-29 | CVE-2017-11725 | Open Redirect vulnerability in Thycotic Secret Server The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. | 5.8 |
| 2015-07-02 | CVE-2015-3443 | Cross-site Scripting vulnerability in Thycotic Secret Server Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask. | 3.5 |
| 2015-06-02 | CVE-2015-4094 | Improper Certificate Validation vulnerability in Thycotic Secret Server 2.3 The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |