Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient verification of data authenticity vulnerability in Delinea Secret Server
Vulnerability Description
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
Delinea Secret Server 数据伪造问题漏洞
Vulnerability Description
Delinea Secret Server是美国Delinea公司的一个云端或本地的强大 PAM。 Delinea Secret Server v10.9.000002 版本存在安全漏洞,该漏洞源于拥有管理员帐户的攻击者可以在没有适当的完整性验证机制的情况下执行软件更新,在这种情况下,更新过程缺乏数字签名,无法验证更新包的完整性,导致攻击者在更新过程中可以注入恶意应用程序。
CVSS Information
N/A
Vulnerability Type
N/A