CVE-2024-25653

{"id": "CVE-2024-25653", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-03-14T03:15:09.017", "references": [{"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25653", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25653", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI."}, {"lang": "es", "value": "El control de acceso roto en la funcionalidad de informes de Delinea PAM Secret Server 11.4 permite a los usuarios sin privilegios, cuando el modo de administraci\u00f3n ilimitado est\u00e1 habilitado, ver informes del sistema y modificar informes personalizados a trav\u00e9s de la funcionalidad de informes en la interfaz de usuario web."}], "lastModified": "2025-10-14T17:21:48.413", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:delinea:secret_server:11.4.000000:*:*:*:on-premises:*:*:*", "vulnerable": true, "matchCriteriaId": "789631D5-6DEC-4690-B68F-F13B234E5B6B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}