Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pam pam vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-5072
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and previous versions allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted request.
NA
CVE_2022_40684
Official Writeup - Simple CTF 2.0 Created: April 23, 2024 7:50 PM Today I completed an other room on TryHackMe with a simple file-upload vulnerability which I built. I have tried for dancing around this whole CTF machine and getting a lot of walls of challenges in the end it co...
1 Github repository
NA
CVE-2024-2918
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and previous versions allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafted request.
NA
CVE-2024-2915
Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and previous versions allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request.
NA
CVE-2024-2921
Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and previous versions allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions.
NA
CVE-2024-25649
In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key...
NA
CVE-2024-25651
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote malicious user to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint.
NA
CVE-2024-25652
In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users.
NA
CVE-2024-25653
Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI.
NA
CVE-2024-25650
Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »