CVE-2025-6737

Securden · Securden Unified PAM Remote Vendor Gateway

A high-severity vulnerability has been identified in Securden’s Unified PAM Remote Vendor Gateway access portal.

Executive summary

The flaw allows improper separation between different customer environments (tenants) on the gateway: an attacker who compromises one tenant could potentially gain unauthorized access to the sensitive data and systems of other tenants on the same platform. This creates a significant risk of cross-customer data breaches and privileged account takeovers.

Vulnerability

The vulnerability exists due to a failure in multi-tenancy isolation within the Securden Unified PAM platform. The system improperly shares infrastructure resources and access tokens across different tenants, lacking the necessary controls to ensure that a token issued for one tenant cannot be used to access resources belonging to another. An authenticated attacker in one tenant could exploit this by manipulating API requests or session identifiers to target and access data or systems in a different tenant, bypassing normal access control restrictions.
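To make the isolation failure concrete, the following added example (not Securden's code; the data model, function names and sample tenants are all hypothetical) contrasts a resource lookup that trusts a token without checking which tenant it was issued for against one that scopes every lookup to the token's tenant. It illustrates the class of defect the advisory describes, not the specific Securden implementation.

```python
# Added illustration of a tenant-isolation defect. Hypothetical model only;
# none of these types or functions come from Securden.
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Token:
    subject: str
    tenant_id: str  # the tenant this token was issued for


@dataclass(frozen=True)
class Resource:
    resource_id: str
    tenant_id: str  # the tenant that owns the resource
    secret: str


# Constructed sample data: two tenants hosted on one shared platform.
RESOURCES = {
    "res-1": Resource("res-1", "tenant-A", "db-admin-password-A"),
    "res-2": Resource("res-2", "tenant-B", "domain-admin-password-B"),
}


class AccessDenied(Exception):
    pass


def fetch_resource_vulnerable(token: Token, resource_id: str) -> Resource:
    """Looks up a resource by id alone.

    The token proves the caller authenticated *somewhere*, but nothing ties
    it to the resource's tenant, so any tenant's token reaches any resource.
    """
    return RESOURCES[resource_id]  # missing: token.tenant_id check


def fetch_resource_hardened(token: Token, resource_id: str) -> Resource:
    """Scopes the lookup to the token's tenant.

    A resource owned by another tenant is treated exactly like a resource
    that does not exist, so the response does not reveal other tenants' ids.
    """
    res = RESOURCES.get(resource_id)
    if res is None or res.tenant_id != token.tenant_id:
        raise AccessDenied(f"{resource_id} is not visible to tenant {token.tenant_id}")
    return res


def can_access(fetch: Callable[[Token, str], Resource], token: Token, resource_id: str) -> bool:
    """Helper for comparing the two resolvers: True if the lookup succeeds."""
    try:
        fetch(token, resource_id)
        return True
    except (AccessDenied, KeyError):
        return False


if __name__ == "__main__":
    tenant_a_token = Token("alice", "tenant-A")
    for name, fn in (("vulnerable", fetch_resource_vulnerable), ("hardened", fetch_resource_hardened)):
        print(f"{name}: tenant-A token reading tenant-B resource ->", can_access(fn, tenant_a_token, "res-2"))
```

The design point is that the tenant identity must be carried by the credential and compared on every access, rather than being inferred from which gateway or URL the request arrived through.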

Business impact

This vulnerability is rated as High severity with a CVSS score of 7.2. Exploitation could lead to severe consequences, including a multi-tenant data breach where an attacker in one customer environment exfiltrates sensitive data or gains privileged access to another customer's critical infrastructure. The specific risks include the compromise of privileged credentials, unauthorized access to sensitive systems and applications, reputational damage to all affected parties, and potential violations of regulatory compliance standards (e.g., GDPR, SOC 2, HIPAA).

Remediation

Immediate Action: Organizations must apply the security updates provided by Securden immediately to all affected systems. Prioritize patching on internet-facing gateways. After patching, review all access logs for the past 90 days to identify any suspicious cross-tenant access patterns or unauthorized authentication events.

Proactive Monitoring: Implement enhanced monitoring on the PAM gateway. Security teams should look for unusual authentication patterns, access attempts from unrecognized IP addresses, and API calls that appear to target resources outside of the user's expected tenant scope. Monitor privileged session recordings for any anomalous activity.
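As an added example of the monitoring described above (not Securden's code, and not Securden's log format), the script below runs two of the suggested checks over a few constructed gateway log lines: an API call whose path targets a tenant other than the session's own, and a successful login from a network the tenant is not known to use. The key=value log layout, the `/api/tenants/<id>/` path convention and the per-tenant address ranges are assumptions for the example; a real deployment would map them onto the gateway's actual logs.

```python
# Added detection example over constructed log lines; the log format and
# path convention are hypothetical, not Securden's.
import ipaddress
import re
from typing import Dict, List

# Constructed sample gateway log (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
2025-07-01T10:02:11Z event=auth user=alice tenant=tenant-A src=203.0.113.10 result=success
2025-07-01T10:03:40Z event=api user=alice tenant=tenant-A src=203.0.113.10 path=/api/tenants/tenant-A/accounts/17 result=200
2025-07-01T10:05:02Z event=api user=alice tenant=tenant-A src=203.0.113.10 path=/api/tenants/tenant-B/accounts/42 result=200
2025-07-01T11:17:55Z event=auth user=bob tenant=tenant-B src=192.0.2.5 result=success
2025-07-01T11:18:30Z event=api user=bob tenant=tenant-B src=192.0.2.5 path=/api/tenants/tenant-B/sessions/9 result=200
"""

# Constructed per-tenant networks from which logins are expected.
KNOWN_NETWORKS = {
    "tenant-A": [ipaddress.ip_network("203.0.113.0/24")],
    "tenant-B": [ipaddress.ip_network("198.51.100.0/24")],
}

KV_RE = re.compile(r"(\w+)=(\S+)")
PATH_TENANT_RE = re.compile(r"^/api/tenants/([^/]+)/")


def parse_line(line: str) -> Dict[str, str]:
    """Split '<timestamp> key=value ...' into a dict; timestamp goes under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["ts"] = ts
    return fields


def detect(log_text: str) -> List[Dict[str, str]]:
    """Return one alert dict per suspicious event, in log order."""
    alerts: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev.get("event") == "api":
            # Rule 1: the session's tenant must match the tenant named in the path.
            m = PATH_TENANT_RE.match(ev.get("path", ""))
            if m and m.group(1) != ev.get("tenant"):
                alerts.append({
                    "rule": "cross_tenant_api",
                    "ts": ev["ts"],
                    "user": ev.get("user", "?"),
                    "session_tenant": ev.get("tenant", "?"),
                    "target_tenant": m.group(1),
                    "path": ev["path"],
                })
        elif ev.get("event") == "auth" and ev.get("result") == "success":
            # Rule 2: successful logins from outside the tenant's known networks.
            src = ipaddress.ip_address(ev["src"])
            if not any(src in net for net in KNOWN_NETWORKS.get(ev.get("tenant", ""), [])):
                alerts.append({
                    "rule": "auth_from_unknown_network",
                    "ts": ev["ts"],
                    "user": ev.get("user", "?"),
                    "session_tenant": ev.get("tenant", "?"),
                    "src": ev["src"],
                })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Both rules are stateless per line, which keeps them cheap to run as a scheduled search over the 90-day window the advisory recommends reviewing; a successful (`result=200`) cross-tenant call is the higher-priority finding, since it indicates the isolation control actually failed rather than merely being probed.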

Compensating Controls: If immediate patching is not feasible, restrict access to the remote access portal to only trusted, whitelisted IP addresses. Enforce Multi-Factor Authentication (MFA) for all users to raise the difficulty of initial account compromise. Increase the scrutiny of all active sessions and be prepared to terminate any suspicious connections manually.

Exploitation status

Public Exploit Available: false

Analyst recommendation

This is a high-impact vulnerability in a critical security platform that manages privileged access to sensitive corporate resources. The potential for a cross-tenant compromise presents an unacceptable risk. Although this vulnerability is not currently listed on the CISA KEV catalog, its high severity warrants urgent action. We strongly recommend that all organizations using the affected Securden products prioritize the immediate application of the vendor-supplied security patches to prevent potential system compromise and data exfiltration.