PT-2024-21069 · Delinea · Delinea Pam Secret Server

Published: 2024-03-14 · Updated: 2025-10-14 · CVE-2024-25653

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Delinea PAM Secret Server version 11.4

Description

The issue allows unprivileged users to view system reports and modify custom reports via the Report functionality in the Web UI when Unlimited Admin Mode is enabled.

Recommendations

For Delinea PAM Secret Server version 11.4, consider disabling Unlimited Admin Mode as a temporary workaround to minimize the risk of exploitation. Restrict access to the Report functionality in the Web UI until a patch is available.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2024-25653

Affected Products

Delinea Pam Secret Server