Vulnerabilities > Beyondtrust
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-18 | CVE-2024-12686 | OS Command Injection vulnerability in Beyondtrust Remote Support: A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user. | 7.2 |
2024-12-17 | CVE-2024-12356 | Command Injection vulnerability in Beyondtrust Remote Support: A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. | 9.8 |
2024-10-30 | CVE-2024-9110 | Cross-site Scripting vulnerability in Beyondtrust Privileged Identity: A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks. | 6.1 |
2024-06-11 | CVE-2024-5812 | Authentication Bypass by Spoofing vulnerability in Beyondtrust Beyondinsight Password Safe 24.1: A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request. | 2.7 |
2024-06-11 | CVE-2024-5813 | Unspecified vulnerability in Beyondtrust Beyondinsight Password Safe: A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response. | 4.9 |
2024-06-04 | CVE-2024-4219 | Server-Side Request Forgery (SSRF) vulnerability in Beyondtrust Beyondinsight 23.1: Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. | 9.1 |
2024-06-04 | CVE-2024-4220 | Unspecified vulnerability in Beyondtrust Beyondinsight: Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames. | 5.3 |
2024-04-19 | CVE-2024-4017 | Unspecified vulnerability in Beyondtrust U-Series Appliance: Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading. This issue affects U-Series Appliance: from 3.4 before 4.0.3. | 7.8 |
2024-04-19 | CVE-2024-4018 | Unspecified vulnerability in Beyondtrust U-Series Appliance: Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation. This issue affects U-Series Appliance: from 3.4 before 4.0.3. | 7.8 |
2024-02-16 | CVE-2024-25083 | Unspecified vulnerability in Beyondtrust Privilege Management for Windows: An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. | 7.8 |