CVE-2024-4220 – Information Disclosure in BeyondInsight
https://notcve.org/view.php?id=CVE-2024-4220
Prior to version 23.1, an information disclosure vulnerability exists within BeyondInsight that can allow an attacker to enumerate usernames. • https://www.beyondtrust.com/trust-center/security-advisories/BT24-06 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-4219 – SSRF In BeyondInsight
https://notcve.org/view.php?id=CVE-2024-4219
Prior to version 23.2, it is possible to perform arbitrary server-side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. • https://www.beyondtrust.com/trust-center/security-advisories/BT24-05 • CWE-918: Server-Side Request Forgery (SSRF)