Thycotic: >> Secret Server >> 2.3 Security Vulnerabilities
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-10-23
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2).
CVSS Score
6.1
EPSS Score
0.004
Published
2019-10-23
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2).
CVSS Score
6.1
EPSS Score
0.004
Published
2019-10-23
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-07-29
The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
5.8
EPSS Score
0.001
Published
2015-06-02