
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks. • https://www.beyondtrust.com/trust-center/security-advisories/bt24-09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 3.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request. • https://www.beyondtrust.com/trust-center/security-advisories/bt24-07 • CWE-290: Authentication Bypass by Spoofing

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response. • https://www.beyondtrust.com/trust-center/security-advisories/bt24-08 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames. • https://www.beyondtrust.com/trust-center/security-advisories/BT24-06 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. • https://www.beyondtrust.com/trust-center/security-advisories/BT24-05 • CWE-918: Server-Side Request Forgery (SSRF)