CVE-2024-33891

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Apr 28, 2024

Updated: Jul 3, 2024

CWE ID 321

Summary

CVE-2024-33891: A vulnerability has been identified in Delinea Secret Server versions prior to 11.7.00001. This issue enables unauthorized access through the SOAP API in SecretServer/webservices/SSWebService.asmx. The root cause involves a hardcoded key, the integer 2 being used for the Admin user, and the removal of the oauthExpirationId attribute. Attackers can exploit this flaw to bypass authentication and gain unrestricted access to the system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vqeq6c
https://www.cve.org/CVERecord?id=CVE-2024-33891
https://nvd.nist.gov/vuln/detail/CVE-2024-33891

Back to Vulnerability Database

CVE-2024-33891

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations