Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Centrify PAS by Delinea

    CVE-2024-5866 (GCVE-0-2024-5866)

    Vulnerability from nvd – Published: 2024-07-02 15:58 – Updated: 2024-08-01 21:25
    VLAI
    Title
    Arbitrary Directory Listing in Centrify PAS
    Summary
    Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Delinea Centrify PAS Affected: v. 21.3
    Create a notification for this product.
    Credits
    The vulnerability was discovered by Vladas Bulavas from Kaspersky
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5866",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T18:58:56.437338Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T19:38:36.342Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:03.145Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-002.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Centrify PAS",
              "vendor": "Delinea",
              "versions": [
                {
                  "status": "affected",
                  "version": "v. 21.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The vulnerability was discovered by Vladas Bulavas from Kaspersky"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch. \u003cbr\u003e"
                }
              ],
              "value": "Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-139",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-139 Relative Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-26",
                  "description": "CWE-26: Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T15:58:35.304Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "url": "https://github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-002.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary Directory Listing in Centrify PAS",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2024-5866",
        "datePublished": "2024-07-02T15:58:35.304Z",
        "dateReserved": "2024-06-11T15:12:47.502Z",
        "dateUpdated": "2024-08-01T21:25:03.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5865 (GCVE-0-2024-5865)

    Vulnerability from nvd – Published: 2024-07-02 15:55 – Updated: 2024-08-01 21:25
    VLAI
    Title
    Arbitrary File Reading in Centrify PAS
    Summary
    Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Delinea Centrify PAS Affected: v. 21.3
    Create a notification for this product.
    Credits
    The vulnerability was discovered by Vladas Bulavas from Kaspersky
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5865",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T18:08:01.184913Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T18:08:10.063Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:03.196Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-001.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Centrify PAS",
              "vendor": "Delinea",
              "versions": [
                {
                  "status": "affected",
                  "version": "v. 21.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The vulnerability was discovered by Vladas Bulavas from Kaspersky"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch. \u003cbr\u003e"
                }
              ],
              "value": "Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-139",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-139 Relative Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-26",
                  "description": "CWE-26: Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T15:55:23.267Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "url": "https://github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-001.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary File Reading in Centrify PAS",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2024-5865",
        "datePublished": "2024-07-02T15:55:23.267Z",
        "dateReserved": "2024-06-11T15:11:40.192Z",
        "dateUpdated": "2024-08-01T21:25:03.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5866 (GCVE-0-2024-5866)

    Vulnerability from cvelistv5 – Published: 2024-07-02 15:58 – Updated: 2024-08-01 21:25
    VLAI
    Title
    Arbitrary Directory Listing in Centrify PAS
    Summary
    Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Delinea Centrify PAS Affected: v. 21.3
    Create a notification for this product.
    Credits
    The vulnerability was discovered by Vladas Bulavas from Kaspersky
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5866",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T18:58:56.437338Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T19:38:36.342Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:03.145Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-002.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Centrify PAS",
              "vendor": "Delinea",
              "versions": [
                {
                  "status": "affected",
                  "version": "v. 21.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The vulnerability was discovered by Vladas Bulavas from Kaspersky"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch. \u003cbr\u003e"
                }
              ],
              "value": "Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing listing of arbitrary directory outside the root directory of the web application. Versions 23.1-HF7 and on have the patch."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-139",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-139 Relative Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-26",
                  "description": "CWE-26: Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T15:58:35.304Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "url": "https://github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-002.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary Directory Listing in Centrify PAS",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2024-5866",
        "datePublished": "2024-07-02T15:58:35.304Z",
        "dateReserved": "2024-06-11T15:12:47.502Z",
        "dateUpdated": "2024-08-01T21:25:03.145Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5865 (GCVE-0-2024-5865)

    Vulnerability from cvelistv5 – Published: 2024-07-02 15:55 – Updated: 2024-08-01 21:25
    VLAI
    Title
    Arbitrary File Reading in Centrify PAS
    Summary
    Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Delinea Centrify PAS Affected: v. 21.3
    Create a notification for this product.
    Credits
    The vulnerability was discovered by Vladas Bulavas from Kaspersky
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5865",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-02T18:08:01.184913Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-02T18:08:10.063Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:03.196Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-001.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Centrify PAS",
              "vendor": "Delinea",
              "versions": [
                {
                  "status": "affected",
                  "version": "v. 21.3"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "The vulnerability was discovered by Vladas Bulavas from Kaspersky"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch. \u003cbr\u003e"
                }
              ],
              "value": "Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-139",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-139 Relative Path Traversal"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-26",
                  "description": "CWE-26: Path Traversal",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-02T15:55:23.267Z",
            "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
            "shortName": "Kaspersky"
          },
          "references": [
            {
              "url": "https://github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-001.md"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Arbitrary File Reading in Centrify PAS",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "assignerShortName": "Kaspersky",
        "cveId": "CVE-2024-5865",
        "datePublished": "2024-07-02T15:55:23.267Z",
        "dateReserved": "2024-06-11T15:11:40.192Z",
        "dateUpdated": "2024-08-01T21:25:03.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }