Vulnerabilities > Beyondtrust > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-04 CVE-2024-4220 Unspecified vulnerability in Beyondtrust Beyondinsight
Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames.
network
low complexity
beyondtrust
5.3
2023-12-25 CVE-2023-49944 Unspecified vulnerability in Beyondtrust Privilege Management for Windows
The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory.
local
low complexity
beyondtrust
6.7
2022-01-05 CVE-2021-31589 Cross-site Scripting vulnerability in Beyondtrust Appliance Base Software
A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization.
4.3
2020-03-18 CVE-2020-9326 Improper Input Validation vulnerability in Beyondtrust Privilege Management for Windows and mac
BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash.
network
low complexity
beyondtrust CWE-20
5.0
2019-04-17 CVE-2018-10959 Untrusted Search Path vulnerability in Beyondtrust Avecto Defendpoint
Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch.
network
low complexity
beyondtrust CWE-426
5.0