Vulnerabilities > Beyondtrust > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-06-04 | CVE-2024-4219 | Server-Side Request Forgery (SSRF) vulnerability in BeyondTrust BeyondInsight 23.1 | Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. | network, low complexity, beyondtrust, CWE-918, critical, 9.1 |
| 2023-09-05 | CVE-2023-4310 | Command Injection vulnerability in BeyondTrust Privileged Remote Access and Remote Support | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. | network, low complexity, beyondtrust, CWE-77, critical, 9.8 |
| 2017-10-26 | CVE-2017-5996 | Untrusted Search Path vulnerability in BeyondTrust Remote Support | The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions. | network, beyondtrust, CWE-426, critical, 9.3 |