A vulnerability exists that could allow a bad actor to bypass authentication and gain admin access to Delinea Secret Server, a Privileged Access Management solution; attackers could then potentially extract the secrets it stores. The vulnerability lies in the Secret Server SOAP API. Details of the vulnerability and a PoC are already available in a blog post by researcher Johnny Yu. Unfortunately, Delinea did not appear to take action until that blog post was published.
Delinea has released Secret Server On-Premises 11.7.000001, which fixes the flaw; patches for older versions will be released after testing.
More info below!
https://nvd.nist.gov/vuln/detail/CVE-2024-33891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33891