9 results (0.003 seconds)

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0

Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues. Antes de la versión 24.1, un atacante autenticado local puede ver Sysvol cuando Privilege Management para Windows está configurado para usar una política de GPO. Esto les permite ver la política y potencialmente encontrar problemas de configuración. • https://www.beyondtrust.com/trust-center/security-advisories/bt24-02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature. La función Challenge Response de BeyondTrust Privilege Management para Windows (PMfW) antes del 14 de julio de 2023 permite a los administradores locales omitir esta función descifrando la clave compartida o localizando la clave compartida descifrada en la memoria de proceso. La amenaza se mitiga mediante la función Agent Protection. • https://www.beyondtrust.com/security https://www.beyondtrust.com/trust-center/security-advisories/bt23-08 •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes. Se descubrió un problema en BeyondTrust Privilege Management para Windows hasta 5.6. Al agregar el token Agregar administrador a un proceso y especificar que se ejecute con una integridad media y que el usuario sea propietario del proceso, este token de seguridad se puede robar y aplicar a procesos arbitrarios. • https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 https://www.beyondtrust.com/trust-center/security-advisories/bt22-07 • CWE-269: Improper Privilege Management •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator. Se descubrió un problema en BeyondTrust Privilege Management para Windows hasta 5.6. Si se seleccionan los criterios del editor, se define el nombre de un editor que debe estar presente en el certificado (y también requiere que el certificado sea válido). • https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1 https://www.beyondtrust.com/trust-center/security-advisories/bt22-10 • CWE-295: Improper Certificate Validation •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp. En BeyondTrust Privilege Management para Windows (también conocido como PMfW) hasta 5.7, una instalación de SISTEMA hace que Cryptbase.dll se cargue desde la ubicación de escritura del usuario %WINDIR%\Temp. • https://www.beyondtrust.com/privilege-management/windows-mac https://www.beyondtrust.com/trust-center/security-advisories/bt22-08 • CWE-427: Uncontrolled Search Path Element •