Vulnerabilities > Beyondtrust > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-30 | CVE-2024-9110 | Cross-site Scripting vulnerability in Beyondtrust Privileged Identity A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks. | 6.1 |
| 2024-06-11 | CVE-2024-5813 | Unspecified vulnerability in Beyondtrust Beyondinsight Password Safe A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response. | 4.9 |
| 2024-06-04 | CVE-2024-4220 | Unspecified vulnerability in Beyondtrust Beyondinsight Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames. | 5.3 |
| 2023-12-25 | CVE-2023-49944 | Unspecified vulnerability in Beyondtrust Privilege Management for Windows The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. | 6.7 |
| 2022-01-05 | CVE-2021-31589 | Cross-site Scripting vulnerability in Beyondtrust Appliance Base Software A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization. | 6.1 |