Primary

Context

Delinea Secret Server Distributed Engine Authorization Vulnerability

Vulnerability

Patched

An authorization vulnerability has been identified in the distributed engine of Delinea Secret Server, affecting versions through 11.7.49. This vulnerability allows an attacker to impersonate another distributed engine during the initial authorization event.

Impact

Exploitation of this vulnerability could lead to unauthorized impersonation of distributed engines, potentially allowing for unauthorized actions or access within the Secret Server environment.

Reproduction

To reproduce this vulnerability, an attacker would need to initiate an authorization event with the distributed engine. This could be done by manipulating the authorization process to impersonate another engine, taking advantage of the vulnerability during the initial authorization phase.

Remediation

Users are advised to upgrade to Secret Server version 11.7.60 or later.

Added: Jul 2, 2025, 5:05 PM

Updated: Jul 2, 2025, 5:05 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

0.6

exploitability

1.9

remediation

7.7

relevance

0.2

threat

1.6

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

0.6

exploitability

1.9

remediation

7.7

relevance

0.2

threat

1.6

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Delinea Secret Server Distributed Engine Authorization Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Delinea Secret Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating