Thycotic: >> Secret Server >> 8.6.000009 Security Vulnerabilities
An SSRF issue was discovered in the legacy Web launcher in Thycotic Secret Server before 10.7.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-10-23
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2).
CVSS Score
6.1
EPSS Score
0.004
Published
2019-10-23
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2).
CVSS Score
6.1
EPSS Score
0.004
Published
2019-10-23
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-03-09
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-07-29
Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask.
CVSS Score
3.5
EPSS Score
0.011
Published
2015-07-02