Beyondinsight CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-5812	1 Beyondtrust	1 Beyondinsight Password Safe	2025-02-11	3.3 Low
A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.
CVE-2024-5813	1 Beyondtrust	1 Beyondinsight Password Safe	2025-02-11	5.9 Medium
A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response.
CVE-2024-4220	1 Beyondtrust	1 Beyondinsight	2024-11-21	4.3 Medium
Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames.
CVE-2024-4219	1 Beyondtrust	1 Beyondinsight	2024-11-21	4.8 Medium
Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability.

Page 1 of 1.