SQL Injection vulnerability in all versions of Delinea’s Secret Server

Delinea Secret Server Vulnerability

Our partner Delinea (formerly known as Thycotic) has published an important security update and highly recommends that all customers update at their earliest opportunity.

This update addresses a security vulnerability recently discovered during internal testing that impacts all versions of Secret Server.

This issue is rated HIGH with a score of 8.8 on the Common Vulnerability Scoring System (CVSS) v3.1. Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SECURITY ISSUE: A SQL Injection vulnerability was found in the REST API.

SCOPE: This security release is applicable to all customers who have Secret Server.

We recommend that all affected Secret Server on-premises customers upgrade to version 11.2.000003 immediately or at their earliest convenience.

This vulnerability has been patched in Secret Server Cloud, so no additional update is needed to address it there.

For additional information about this release, please see the release notes and the support bulletin.

If you have any additional questions, our Delinea Secret Server vulnerability experts are here to help. Fill out the form below to contact us and we’ll get back to you as soon as possible.

Delinea vulnerability - 5 October 2022