CVE-2023-4589

HIGH Year: 2023
CVSS v3 Score
7.2
High
Weakness Type
CWE-345
View all →

Vulnerability Description

Insufficient verification of data authenticity vulnerability in Delinea Secret Server, in its v10.9.000002 version. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. In this scenario, the update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update.

Related Vulnerabilities

CVE-2016-2309

HIGH
CVSS:7.2(High)

iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.

CWE-3452016

CVE-2020-24045

HIGH
CVSS:7.2(High)

A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The rest...

CWE-3452020

CVE-2020-6090

HIGH
CVSS:7.2(High)

An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution re...

CWE-3452020

CVE-2022-20829

HIGH
CVSS:7.2(High)

A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authentic...

CWE-3452022

CVE-2022-30272

HIGH
CVSS:7.2(High)

The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy C...

CWE-3452022

CVE-2023-31502

HIGH
CVSS:7.2(High)

Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php.

CWE-3452023