Vulnerability Details : CVE-2023-4589
Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update.
Published: 2023-09-06 12:15:08
Updated: 2023-09-11 13:44:48
Products affected by CVE-2023-4589
- cpe:2.3:a:delinea:secret_server:10.9.000002:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4589
- 0.09%: Probability of exploitation activity in the next 30 days
- ~ 39 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-4589
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | 2.3 | 6.0 | Spanish National Cybersecurity Institute, S.A. (INCIBE) | |
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
CWE ids for CVE-2023-4589
-
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Assigned by:
- cve-coordination@incibe.es (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-4589
- https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server
  Multiple Vulnerabilities Delinea Secret Server | INCIBE-CERT | INCIBE (Third Party Advisory)