Lucene search

BTVULNRICHMENT:CVE-2024-5812

HistoryJun 11, 2024 - 3:41 p.m.

CVE-2024-5812 Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe

2024-06-1115:41:13

CWE-290

github.com

smart rule overwrite

bypass

beyondinsight passwordsafe

low severity

vulnerability

3.3 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.

CNA Affected

[
  {
    "vendor": "BeyondTrust",
    "product": "BeyondInsight PasswordSafe",
    "versions": [
      {
        "status": "affected",
        "version": "24.1.0",
        "lessThan": "24.1.1",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "23.3.0",
        "lessThan": "23.3.0.959",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "23.2.0",
        "lessThan": "23.2.0.1293",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.beyondtrust.com/trust-center/security-advisories/bt24-07

3.3 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-5812