Filtered by vendor Beyondtrust
Subscriptions
Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12356 | 1 Beyondtrust | 2 Privileged Remote Access, Remote Support | 2025-02-17 | 9.8 Critical |
| A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. | ||||
| CVE-2024-5812 | 1 Beyondtrust | 1 Beyondinsight Password Safe | 2025-02-11 | 3.3 Low |
| A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request. | ||||
| CVE-2024-5813 | 1 Beyondtrust | 1 Beyondinsight Password Safe | 2025-02-11 | 5.9 Medium |
| A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response. | ||||
| CVE-2024-9110 | 1 Beyondtrust | 1 Privileged Identity | 2025-02-11 | 6.4 Medium |
| A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks. | ||||
| CVE-2024-1591 | 1 Beyondtrust | 1 Privilege Management For Windows | 2025-02-07 | 3.3 Low |
| Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues. | ||||
| CVE-2021-3156 | 9 Beyondtrust, Debian, Fedoraproject and 6 more | 38 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 35 more | 2025-02-03 | 7.8 High |
| Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. | ||||
| CVE-2024-12686 | 1 Beyondtrust | 2 Privileged Remote Access, Remote Support | 2025-01-14 | 6.6 Medium |
| A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user. | ||||
| CVE-2024-4220 | 1 Beyondtrust | 1 Beyondinsight | 2024-11-21 | 4.3 Medium |
| Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames. | ||||
| CVE-2024-4219 | 1 Beyondtrust | 1 Beyondinsight | 2024-11-21 | 4.8 Medium |
| Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. | ||||
| CVE-2023-4310 | 1 Beyondtrust | 2 Privileged Remote Access, Remote Support | 2024-11-21 | 9.8 Critical |
| BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3. | ||||
| CVE-2023-49944 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-11-21 | 6.7 Medium |
| The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature. | ||||
| CVE-2023-23632 | 1 Beyondtrust | 1 Privileged Remote Access | 2024-11-21 | 7.8 High |
| BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret. | ||||
| CVE-2021-42254 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-11-21 | 7.8 High |
| BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. | ||||
| CVE-2021-3187 | 2 Apple, Beyondtrust | 2 Mac Os X, Privilege Management For Mac | 2024-11-21 | 8.8 High |
| An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.) | ||||
| CVE-2021-31589 | 1 Beyondtrust | 1 Appliance Base Software | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization. | ||||
| CVE-2020-9326 | 1 Beyondtrust | 1 Privilege Management For Windows And Mac | 2024-11-21 | 7.5 High |
| BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash. | ||||
| CVE-2020-28369 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-11-21 | 7.8 High |
| In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp. | ||||
| CVE-2020-12615 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-11-21 | 7.8 High |
| An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes. | ||||
| CVE-2020-12614 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-11-21 | 7.8 High |
| An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator. | ||||
| CVE-2020-12613 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-11-21 | 8.8 High |
| An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user. | ||||