Delinea Documentation - Bulletins - current

Secret Server 11.2.000003 Security Patch

Delinea discovered a Secret Server vulnerability with rating of CVSS v3.1 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A SQL Injection vulnerability was found in the REST API. Please see Please see the CVSS Calculator for details.

This requires an immediate security patch available October 4, 2022.


Which products are affected?

All versions of Secret Server up to and including 11.2.000002. Secret Server Cloud has already been updated.

What should users do?

Delinea recommends that all Secret Server customers upgrade to version 11.2.000003 at their earliest convenience. Secret Server Cloud users do not need to take any action.


Delinea recommends customers remaining diligent and checking for any suspicious activity in Secret Server that could be generated, not necessarily from this vulnerability, which includes but should not be limited to: