Vulnerabilities > Thycotic > Secret Server > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-10-23 CVE-2019-18355 Server-Side Request Forgery (SSRF) vulnerability in Thycotic Secret Server
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.
network
low complexity
thycotic CWE-918
critical
9.8
2018-03-09 CVE-2014-4861 Credentials Management vulnerability in Thycotic Secret Server
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended.
network
low complexity
thycotic CWE-255
critical
9.8