CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0889 – Privilege Management for Windows – Elevation of Privilege
https://notcve.org/view.php?id=CVE-2025-0889
26 Feb 2025 — Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process. • https://www.beyondtrust.com/trust-center/security-advisories/bt25-01 • CWE-268: Privilege Chaining •
CVSS: 10.0EPSS: 20%CPEs: 1EXPL: 0CVE-2024-12686 – BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-12686
18 Dec 2024 — A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user. BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to execute unde... • https://nvd.nist.gov/vuln/detail/CVE-2024-12686 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 92%CPEs: 2EXPL: 2CVE-2024-12356 – BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-12356
17 Dec 2024 — A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user. • https://packetstorm.news/files/id/189316 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9110 – Cross-Site Scripting In Privileged Identity
https://notcve.org/view.php?id=CVE-2024-9110
30 Oct 2024 — A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks. Se ha identificado una vulnerabilidad de gravedad media en Privileged Identity que puede permitir a un atacante realizar ataques de Cross Site Scripting reflejado. • https://www.beyondtrust.com/trust-center/security-advisories/bt24-09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-5812 – Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe
https://notcve.org/view.php?id=CVE-2024-5812
11 Jun 2024 — A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request. Se ha identificado una vulnerabilidad de baja gravedad en BIPS donde un atacante con altos privilegios o una cuenta comprometida con altos privilegios puede sobrescribir reglas inteligentes de solo lectura a través de una solicitud API especialmente manipulada. • https://www.beyondtrust.com/trust-center/security-advisories/bt24-07 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5813 – SSH Private Key Leak in BeyondInsight PasswordSafe
https://notcve.org/view.php?id=CVE-2024-5813
11 Jun 2024 — A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response. Se ha identificado una vulnerabilidad de gravedad media en BIPS donde un atacante autenticado con altos privilegios puede acceder a las claves privadas SSH a través de una fuga de información en la respuesta del servidor. • https://www.beyondtrust.com/trust-center/security-advisories/bt24-08 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4220 – Information Disclosure in BeyondInsight
https://notcve.org/view.php?id=CVE-2024-4220
04 Jun 2024 — Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames. Antes de la versión 23.1, existía una vulnerabilidad de divulgación de información dentro de BeyondInsight que podía permitir a un atacante enumerar nombres de usuarios. • https://www.beyondtrust.com/trust-center/security-advisories/BT24-06 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4219 – SSRF In BeyondInsight
https://notcve.org/view.php?id=CVE-2024-4219
04 Jun 2024 — Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. Antes de la versión 23.2, era posible realizar solicitudes arbitrarias del lado del servidor a través de conectores basados en HTTP dentro de BeyondInsight, lo que generaba una vulnerabilidad de server-side request forgery. • https://www.beyondtrust.com/trust-center/security-advisories/BT24-05 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4017 – Privilege Escalation in U-Series Appliance
https://notcve.org/view.php?id=CVE-2024-4017
19 Apr 2024 — Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before 4.0.3. Vulnerabilidad de gestión de privilegios inadecuada en el dispositivo BeyondTrust U-Series en Windows, 64 bits (módulos de sistema de archivos) permite la carga lateral de DLL. Este problema afecta al dispositivo U-Series: desde 3.4 antes de 4.0.3. • https://www.beyondtrust.com/docs/release-notes/u-series-appliance/bt-appliance-u-series-software-4-0-3.htm • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4018 – Privilege Escalation in U-Series Appliance
https://notcve.org/view.php?id=CVE-2024-4018
19 Apr 2024 — Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.This issue affects U-Series Appliance: from 3.4 before 4.0.3. Una vulnerabilidad de gestión de privilegios inadecuada en el dispositivo BeyondTrust U-Series en Windows de 64 bits (módulos de API del dispositivo local) permite la escalada de privilegios. Este problema afecta al dispositivo U-Series: desde 3.4 antes de 4.0.3. • https://www.beyondtrust.com/docs/release-notes/u-series-appliance/bt-appliance-u-series-software-4-0-3.htm • CWE-269: Improper Privilege Management •