Privilege Management For Windows Security Vulnerabilities and Issues — Privilege Management For Windows CVE List

Lucene search

BeyondtrustPrivilege Management For Windows

9 matches found

CVE•added 2024/02/16 9:15 p.m.•46 views

CVE-2024-25083

An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges.

7.8CVSS6.5AI score0.00051EPSS

CVE•added 2024/02/16 7:15 p.m.•40 views

CVE-2024-1591

Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.

3.3CVSS3.7AI score0.00061EPSS

CVE•added 2023/12/25 8:15 a.m.•31 views

CVE-2023-49944

The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature...

6.7CVSS6.4AI score0.00011EPSS

CVE•added 2021/11/19 7:15 p.m.•27 views

CVE-2021-42254

BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions.

7.8CVSS7.5AI score0.00036EPSS

CVE•added 2023/12/11 10:15 p.m.•26 views

CVE-2020-12613

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second ...

8.8CVSS8.6AI score0.00196EPSS

CVE•added 2023/12/12 3:15 p.m.•25 views

CVE-2020-12614

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criter...

8.4CVSS7.5AI score0.0014EPSS

CVE•added 2023/12/12 2:15 p.m.•18 views

CVE-2020-12612

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a...

7.8CVSS7.7AI score0.00189EPSS

CVE•added 2023/12/12 3:15 p.m.•18 views

CVE-2020-28369

In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp.

7.8CVSS7.5AI score0.00115EPSS

CVE•added 2023/12/12 1:15 p.m.•17 views

CVE-2020-12615

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes.

7.8CVSS7.6AI score0.00154EPSS