CVE-2014-4861

The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
VendorProductVersion
thycoticsecret_server
7.5.000000 ≤
𝑥
≤ 8.6.000009
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://thycotic.com/products/secret-server/resources/advisories/cve-2014-4861/
http://thycotic.com/products/secret-server/resources/advisories/cve-2014-4861/