Lucene search

BTVULNRICHMENT:CVE-2024-4219

HistoryJun 04, 2024 - 8:08 p.m.

CVE-2024-4219 SSRF In BeyondInsight

2024-06-0420:08:29

CWE-918

github.com

cve-2024-4219

ssrf

beyondinsight

server-side request forgery

CVSS3

4.8

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

AI Score

7.2

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability.

CNA Affected

[
  {
    "vendor": "BeyondTrust",
    "product": "BeyondInsight",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "23.2",
        "versionType": "custom"
      }
    ],
    "platforms": [
      "Windows",
      "64 bit",
      "32 bit"
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.beyondtrust.com/trust-center/security-advisories/BT24-05

CVSS3

4.8

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

AI Score

7.2

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-4219