CVE-2023-4589 CRITICAL

CVE-2023-4589: Insufficient verification of data authenticity vulnerability in Delinea Secret Server

Vendor: Delinea
Product: Secret Server
Weakness: CWE-345
Published: September 6, 2023
Last update: September 26, 2024

CVSS base score

9.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

Delinea Secret Server version v10.9.000002 contains an insufficient verification of data authenticity vulnerability. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. The update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update.

Key dates

02 Disclosure timeline

September 6, 2023: CVE published
September 26, 2024: Record updated
