PT-2023-29749 · Delinea · Delinea Pam Secret Server

Credit: 3V4Si0N (+1)
Published: 2023-09-06 · Updated: 2023-09-11
CVE-2023-4589
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Delinea Secret Server version 10.9.000002

Description: The issue stems from insufficient verification of data authenticity in the software update process. The update process does not use digital signatures and does not validate the integrity of the update package, so an attacker holding an administrator account can supply a tampered update and inject malicious applications during the update.

Recommendations: For Delinea Secret Server version 10.9.000002, consider disabling the software update feature until a patch is available to prevent potential exploitation. Restrict access to the update mechanism to minimize the risk of malicious application injection, and avoid using the update process until the issue is resolved with proper integrity verification mechanisms in place. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
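The checks the advisory says are missing (a signature over the update, and integrity validation of every file in it) can be illustrated with a small updater-side verifier. The following is an added example written for this page; it is not Delinea's code and does not describe how Secret Server's updater works. To stay on the Python standard library it uses HMAC-SHA256 with a constructed shared key as the signature primitive; a production updater would instead verify an asymmetric signature (for example Ed25519 or RSA-PSS) with a public key embedded in the installer, so that no signing secret is present on the target. Package layout, file names and the `manifest.json` / `manifest.sig` members are all assumptions made for the example.

```python
"""Verify an update package against a signed manifest before installing it.

Added illustration, not vendor code. The signature primitive is HMAC-SHA256
with a shared key so the example runs with the standard library only; a real
updater verifies an asymmetric signature with a pinned public key.
"""
import hashlib
import hmac
import io
import json
import zipfile

# Constructed demo key; in practice the verifier holds only a public key.
SIGNING_KEY = b"constructed-demo-key-not-for-production"
META = {"manifest.json", "manifest.sig"}


class UpdateVerificationError(Exception):
    """Raised when a package must not be installed."""


def sign_manifest(manifest: dict, key: bytes) -> bytes:
    """Signer side: MAC over a canonical JSON encoding of the manifest."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).digest()


def build_package(files: dict, key: bytes) -> bytes:
    """Vendor side: zip the payload plus a manifest of SHA-256 hashes and its signature."""
    manifest = {
        "version": "example-version",  # assumed label, not a real release
        "files": {name: hashlib.sha256(data).hexdigest() for name, data in files.items()},
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
        zf.writestr("manifest.json", json.dumps(manifest, sort_keys=True))
        zf.writestr("manifest.sig", sign_manifest(manifest, key).hex())
    return buf.getvalue()


def verify_package(package: bytes, key: bytes) -> dict:
    """Updater side: check the signature first, then every file hash.

    Nothing from the package is trusted until the manifest signature verifies;
    the manifest then decides which files may exist and what they must hash to.
    """
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        names = set(zf.namelist())
        if not META <= names:
            raise UpdateVerificationError("package is unsigned")
        manifest = json.loads(zf.read("manifest.json"))
        try:
            presented = bytes.fromhex(zf.read("manifest.sig").decode())
        except ValueError:
            raise UpdateVerificationError("malformed signature")
        # Constant-time comparison; a length mismatch simply fails.
        if not hmac.compare_digest(sign_manifest(manifest, key), presented):
            raise UpdateVerificationError("manifest signature mismatch")
        listed = set(manifest["files"])
        extra = names - listed - META
        if extra:  # files the signer never vouched for
            raise UpdateVerificationError(f"unlisted files in package: {sorted(extra)}")
        for name, digest in manifest["files"].items():
            if name not in names:
                raise UpdateVerificationError(f"missing file {name}")
            if hashlib.sha256(zf.read(name)).hexdigest() != digest:
                raise UpdateVerificationError(f"hash mismatch for {name}")
    return manifest


def is_trusted(package: bytes, key: bytes) -> bool:
    """Boolean wrapper around verify_package for callers that only need go/no-go."""
    try:
        verify_package(package, key)
        return True
    except (UpdateVerificationError, zipfile.BadZipFile, KeyError):
        return False


def tamper(package: bytes, name: str, new_data: bytes) -> bytes:
    """Constructed helper: replace (or add) one zip member without touching the rest."""
    src = zipfile.ZipFile(io.BytesIO(package))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as dst:
        for item in src.namelist():
            dst.writestr(item, new_data if item == name else src.read(item))
        if name not in src.namelist():
            dst.writestr(name, new_data)
    return buf.getvalue()


if __name__ == "__main__":
    pkg = build_package({"Service.dll": b"legit bytes", "setup.ps1": b"Write-Host ok"}, SIGNING_KEY)
    print("genuine package accepted:", is_trusted(pkg, SIGNING_KEY))
    print("swapped binary accepted:", is_trusted(tamper(pkg, "Service.dll", b"evil"), SIGNING_KEY))
    print("extra unlisted file accepted:", is_trusted(tamper(pkg, "dropper.exe", b"x"), SIGNING_KEY))
```

The order matters: the signature is checked before any hash is read, so an attacker who can edit the archive cannot simply rewrite `manifest.json` to match altered files, and the manifest's file list is authoritative, so members that were never signed are rejected rather than silently installed.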

Weakness: Insufficient Verification of Data Authenticity


Weakness Enumeration

Related Identifiers: CVE-2023-4589
Affected Products: Delinea Pam Secret Server