CVE-2024-5812 – Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe
https://notcve.org/view.php?id=CVE-2024-5812
A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.
• https://www.beyondtrust.com/trust-center/security-advisories/bt24-07
• CWE-290: Authentication Bypass by Spoofing
CVE-2024-5813 – SSH Private Key Leak in BeyondInsight PasswordSafe
https://notcve.org/view.php?id=CVE-2024-5813
A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response.
• https://www.beyondtrust.com/trust-center/security-advisories/bt24-08
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor