CNNVD-202512-2661 Information

CNNVD ID

CNNVD-202512-2661

Related CVE

CVE-2025-65176

• CNNVD Published: 2025-12-15

Description (Chinese)

Dynatrace OneAgent是Dynatrace公司的一个智能化代理程序。 Dynatrace OneAgent 1.325.47之前版本存在安全漏洞，该漏洞源于代理在收到STATUS_LOGON_FAILURE错误时会检索机器上的每个用户令牌并尝试访问网络共享，可能导致NTLM中继攻击。

Description (English)

Dynatrace OneAgent is an intelligent agent for Dynatrace. There was a security loophole in the pre-Dynatrace OneAgent 1.325.47 version, which arose from the fact that the agent would retrieve every user token on the machine and try to access the network sharing if he received STATUS LOGON FAILURE error, which could lead to NTLM repeat attacks.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Dynatrace

Published

2025-12-15

Last Modified

2026-02-24

References

https://docs.dynatrace.com/docs/shortlink/release-notes-oneagent-sprint-325#oneagent-sprint-325-ga https://docs.dynatrace.com/docs/whats-new/oneagent/sprint-325#oneagent-sprint-325-ga https://hackerone.com/reports/3313408