CVE-2024-25649
CVE-2024-25649 is a medium-severity vulnerability rated 6.7/10 on the CVSS scale. In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies. EPSS estimates a 0.08% chance of exploitation in the next 30 days.
Description
In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies.
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Delinea | Secret Server | 11.4.000000 |
References
- https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25649 (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
