Vulnerabilities > Beyondtrust
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-25 | CVE-2023-49944 | Unspecified vulnerability in Beyondtrust Privilege Management for Windows The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. | 6.7 |
| 2023-12-12 | CVE-2020-12614 | Unspecified vulnerability in Beyondtrust Privilege Management for Windows An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. | 7.8 |
| 2023-12-12 | CVE-2020-28369 | Uncontrolled Search Path Element vulnerability in Beyondtrust Privilege Management for Windows In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp. | 7.8 |
| 2023-12-12 | CVE-2020-12612 | Unspecified vulnerability in Beyondtrust Privilege Management for Windows An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. | 7.8 |
| 2023-12-12 | CVE-2020-12615 | Unspecified vulnerability in Beyondtrust Privilege Management for Windows An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. | 7.8 |
| 2023-12-11 | CVE-2021-3187 | Unspecified vulnerability in Beyondtrust Privilege Management for mac An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. | 8.8 |
| 2023-12-11 | CVE-2020-12613 | Unspecified vulnerability in Beyondtrust Privilege Management for Windows An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. | 8.8 |
| 2023-10-12 | CVE-2023-23632 | Improper Authentication vulnerability in Beyondtrust Privileged Remote Access BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. | 7.8 |
| 2023-09-05 | CVE-2023-4310 | Command Injection vulnerability in Beyondtrust Privileged Remote Access and Remote Support BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. | 9.8 |
| 2022-01-05 | CVE-2021-31589 | Cross-site Scripting vulnerability in Beyondtrust Appliance Base Software A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization. | 4.3 |