CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12615
https://notcve.org/view.php?id=CVE-2020-12615
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes. Se descubrió un problema en BeyondTrust Privilege Management para Windows hasta 5.6. Al agregar el token Agregar administrador a un proceso y especificar que se ejecute con una integridad media y que el usuario sea propietario del proceso, este token de seguridad se puede robar y aplicar a procesos arbitrarios. • https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 https://www.beyondtrust.com/trust-center/security-advisories/bt22-07 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12613
https://notcve.org/view.php?id=CVE-2020-12613
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user. Se descubrió un problema en BeyondTrust Privilege Management para Windows hasta 5.6. • https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 https://www.beyondtrust.com/trust-center/security-advisories/bt22-11 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42254
https://notcve.org/view.php?id=CVE-2021-42254
BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. BeyondTrust Privilege Management versiones anteriores a 21.6, crea un Archivo Temporal en un directorio con permisos no seguros • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/MNDT-2021-0008/MNDT-2021-0008.md https://www.beyondtrust.com/blog • CWE-668: Exposure of Resource to Wrong Sphere •