CVE-2024-9110 – Cross-Site Scripting In Privileged Identity
https://notcve.org/view.php?id=CVE-2024-9110
A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks. Se ha identificado una vulnerabilidad de gravedad media en Privileged Identity que puede permitir a un atacante realizar ataques de Cross Site Scripting reflejado. • https://www.beyondtrust.com/trust-center/security-advisories/bt24-09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-5812 – Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe
https://notcve.org/view.php?id=CVE-2024-5812
A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request. Se ha identificado una vulnerabilidad de baja gravedad en BIPS donde un atacante con altos privilegios o una cuenta comprometida con altos privilegios puede sobrescribir reglas inteligentes de solo lectura a través de una solicitud API especialmente manipulada. • https://www.beyondtrust.com/trust-center/security-advisories/bt24-07 • CWE-290: Authentication Bypass by Spoofing •
CVE-2024-5813 – SSH Private Key Leak in BeyondInsight PasswordSafe
https://notcve.org/view.php?id=CVE-2024-5813
A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response. Se ha identificado una vulnerabilidad de gravedad media en BIPS donde un atacante autenticado con altos privilegios puede acceder a las claves privadas SSH a través de una fuga de información en la respuesta del servidor. • https://www.beyondtrust.com/trust-center/security-advisories/bt24-08 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-4220 – Information Disclosure in BeyondInsight
https://notcve.org/view.php?id=CVE-2024-4220
Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames. Antes de la versión 23.1, existía una vulnerabilidad de divulgación de información dentro de BeyondInsight que podía permitir a un atacante enumerar nombres de usuarios. • https://www.beyondtrust.com/trust-center/security-advisories/BT24-06 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2024-4219 – SSRF In BeyondInsight
https://notcve.org/view.php?id=CVE-2024-4219
Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. Antes de la versión 23.2, era posible realizar solicitudes arbitrarias del lado del servidor a través de conectores basados en HTTP dentro de BeyondInsight, lo que generaba una vulnerabilidad de server-side request forgery. • https://www.beyondtrust.com/trust-center/security-advisories/BT24-05 • CWE-918: Server-Side Request Forgery (SSRF) •