CVE-2023-4589

CRITICAL

Delinea Secret Server <10.9.000002 - Code Injection

Title source: llm

Description

Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update.

References (1)

[Third Party Advisory] https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server

Scores

CVSS v3 9.1

EPSS 0.0011

EPSS Percentile 29.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-345

Status published

Products (1)

delinea/secret_server 10.9.000002

Published Sep 06, 2023

Tracked Since Feb 18, 2026