Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
beyondtrust vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2017-5996
The agent in Bomgar Remote Support 15.2.x prior to 15.2.3, 16.1.x prior to 16.1.5, and 16.2.x prior to 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions.
Beyondtrust Remote Support 15.2.1
Beyondtrust Remote Support 15.2.2
Beyondtrust Remote Support 16.1.1
Beyondtrust Remote Support 16.1.2
Beyondtrust Remote Support 16.1.3
Beyondtrust Remote Support 16.1.4
Beyondtrust Remote Support 16.2.1
Beyondtrust Remote Support 16.2.2
NA
CVE-2023-4310
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote malic...
Beyondtrust Remote Support 23.2.2
Beyondtrust Remote Support 23.2.1
Beyondtrust Privileged Remote Access 23.2.1
Beyondtrust Privileged Remote Access 23.2.2
NA
CVE-2020-12612
An issue exists in BeyondTrust Privilege Management for Windows up to and including 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same ...
Beyondtrust Privilege Management For Windows
Beyondtrust Privilege Management For Windows 5.6
NA
CVE-2020-12615
An issue exists in BeyondTrust Privilege Management for Windows up to and including 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary proc...
Beyondtrust Privilege Management For Windows
Beyondtrust Privilege Management For Windows 5.6
NA
CVE-2021-3187
An issue exists in BeyondTrust Privilege Management for Mac prior to 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS prior to 10.15.5, or S...
Beyondtrust Privilege Management For Mac
5
CVSSv2
CVE-2020-9326
BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 up to and including 5.5 prior to 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash.
Beyondtrust Privilege Management For Windows And Mac
Beyondtrust Privilege Management For Windows And Mac 5.5
5
CVSSv2
CVE-2018-10959
Avecto Defendpoint 4 before 4.4 SR6 and 5 before 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch.
Beyondtrust Avecto Defendpoint
4.3
CVSSv2
CVE-2021-31589
A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization.
Beyondtrust Appliance Base Software
5 Github repositories
NA
CVE-2023-23632
BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first ...
Beyondtrust Privileged Remote Access
NA
CVE-2020-12614
An issue exists in BeyondTrust Privilege Management for Windows up to and including 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is p...
Beyondtrust Privilege Management For Windows
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3012
CVE-2024-30200
XXE
CVE-2023-24955
CVE-2023-42931
CVE-2024-29231
remote code execution
cross-site scripting
CVE-2024-0677
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »