Vulnerabilities > BeyondTrust
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-18 | CVE-2024-12686 | OS Command Injection vulnerability in BeyondTrust Remote Support. A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user. | 7.2 |
2024-12-17 | CVE-2024-12356 | Command Injection vulnerability in BeyondTrust Remote Support. A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. | 9.8 |
2024-10-30 | CVE-2024-9110 | Cross-site Scripting vulnerability in BeyondTrust Privileged Identity. A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks. | 6.1 |
2024-06-11 | CVE-2024-5812 | Authentication Bypass by Spoofing vulnerability in BeyondTrust BeyondInsight Password Safe 24.1. A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request. | 2.7 |
2024-06-11 | CVE-2024-5813 | Unspecified vulnerability in BeyondTrust BeyondInsight Password Safe. A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response. | 4.9 |
2024-06-04 | CVE-2024-4219 | Server-Side Request Forgery (SSRF) vulnerability in BeyondTrust BeyondInsight 23.1. Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. | 9.1 |
2024-06-04 | CVE-2024-4220 | Unspecified vulnerability in BeyondTrust BeyondInsight. Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames. | 5.3 |
2024-02-16 | CVE-2024-1591 | Unspecified vulnerability in BeyondTrust Privilege Management for Windows. Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. | 3.3 |
2023-12-25 | CVE-2023-49944 | Unspecified vulnerability in BeyondTrust Privilege Management for Windows. The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. | 6.7 |
2023-12-12 | CVE-2020-12614 | Unspecified vulnerability in BeyondTrust Privilege Management for Windows. An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. | 7.8 |