Centrify PAS v. 21.3 and possibly others
Impact: This vulnerability may allow to dump credentials for DB or even dump entire local DB. Also an attacker may retrieve encryption keys for stored credentials.
Access Vector: The vulnerability can be exploited by any authorized user with network access.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
7.7
CVE-2024-5865
The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory.
Apply patch from vendor. Versions 23.1-HF7 and on have the patch.
The vulnerability was discovered by Vladas Bulavas from Kaspersky
https://github.com/klsecservices/Advisories/blob/master/K-Delinea-2023-001.md