Vulnerabilities > Beyondtrust

DATE CVE VULNERABILITY TITLE RISK
2023-10-12 CVE-2023-23632 Improper Authentication vulnerability in Beyondtrust Privileged Remote Access
BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass.
local
low complexity
beyondtrust CWE-287
7.8
2023-09-05 CVE-2023-4310 Command Injection vulnerability in Beyondtrust Privileged Remote Access and Remote Support
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request.
network
low complexity
beyondtrust CWE-77
critical
9.8
2022-01-05 CVE-2021-31589 Cross-site Scripting vulnerability in Beyondtrust Appliance Base Software
A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization.
network
low complexity
beyondtrust CWE-79
6.1
2021-11-19 CVE-2021-42254 Exposure of Resource to Wrong Sphere vulnerability in Beyondtrust Privilege Management for Windows
BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions.
local
low complexity
beyondtrust CWE-668
7.8
2021-01-26 CVE-2021-3156 Off-by-one Error vulnerability in multiple products
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
7.8
2020-03-18 CVE-2020-9326 Unspecified vulnerability in Beyondtrust Privilege Management for Windows and mac
BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash.
network
low complexity
beyondtrust
7.5
2019-04-17 CVE-2018-10959 Untrusted Search Path vulnerability in Beyondtrust Avecto Defendpoint
Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch.
network
low complexity
beyondtrust CWE-426
7.5
2017-10-26 CVE-2017-5996 Untrusted Search Path vulnerability in Beyondtrust Remote Support
The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions.
local
low complexity
beyondtrust CWE-426
7.8