CVE-2024-5812 - Vulnerability Details - OpenCVE

A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00121.

Key SSVC decision points have not yet been added.

Vendors	Products
Beyondtrust	Beyondinsight Password Safe

Configuration 1 [-]

OR	cpe:2.3:a:beyondtrust:beyondinsight_password_safe::::::::
	cpe:2.3:a:beyondtrust:beyondinsight_password_safe::::::::
	cpe:2.3:a:beyondtrust:beyondinsight_password_safe:24.1:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-46960	A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.beyondtrust.com/trust-center/security-advisories/bt24-07

History

Tue, 11 Feb 2025 22:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Beyondtrust Beyondtrust beyondinsight Password Safe
CPEs		cpe:2.3:a:beyondtrust:beyondinsight_password_safe:::::::: cpe:2.3:a:beyondtrust:beyondinsight_password_safe:24.1:::::::*
Vendors & Products		Beyondtrust Beyondtrust beyondinsight Password Safe

MITRE

Status: PUBLISHED

Assigner: BT

Published: 2024-06-11T15:41:13.496Z

Updated: 2024-08-01T21:25:02.748Z

Reserved: 2024-06-10T19:32:48.176Z

Link: CVE-2024-5812

Vulnrichment

Updated: 2024-08-01T21:25:02.748Z

NVD

Status : Analyzed

Published: 2024-06-11T16:15:29.207

Modified: 2025-02-11T21:36:43.423

Link: CVE-2024-5812

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5812", "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891", "state": "PUBLISHED", "assignerShortName": "BT", "dateReserved": "2024-06-10T19:32:48.176Z", "datePublished": "2024-06-11T15:41:13.496Z", "dateUpdated": "2024-08-01T21:25:02.748Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "BeyondInsight PasswordSafe", "vendor": "BeyondTrust", "versions": [{"lessThan": "24.1.1", "status": "affected", "version": "24.1.0", "versionType": "custom"}, {"lessThan": "23.3.0.959", "status": "affected", "version": "23.3.0", "versionType": "custom"}, {"lessThan": "23.2.0.1293", "status": "affected", "version": "23.2.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.</p><br>"}], "value": "A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "13061848-ea10-403d-bd75-c83a022c2891", "shortName": "BT", "dateUpdated": "2024-06-11T15:41:13.496Z"}, "references": [{"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-07"}], "source": {"discovery": "UNKNOWN"}, "title": "Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T17:53:32.772452Z", "id": "CVE-2024-5812", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T17:54:07.205Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:02.748Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-07", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-07", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:02.748Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5812", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-11T17:53:32.772452Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T17:53:43.097Z"}}], "cna": {"title": "Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "BeyondTrust", "product": "BeyondInsight PasswordSafe", "versions": [{"status": "affected", "version": "24.1.0", "lessThan": "24.1.1", "versionType": "custom"}, {"status": "affected", "version": "23.3.0", "lessThan": "23.3.0.959", "versionType": "custom"}, {"status": "affected", "version": "23.2.0", "lessThan": "23.2.0.1293", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-07"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.", "supportingMedia": [{"type": "text/html", "value": "<p>A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.</p><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "providerMetadata": {"orgId": "13061848-ea10-403d-bd75-c83a022c2891", "shortName": "BT", "dateUpdated": "2024-06-11T15:41:13.496Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5812", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:25:02.748Z", "dateReserved": "2024-06-10T19:32:48.176Z", "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891", "datePublished": "2024-06-11T15:41:13.496Z", "assignerShortName": "BT"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:beyondtrust:beyondinsight_password_safe:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2FCF255-E458-4711-954F-32670810AED5", "versionEndExcluding": "23.2.0.1293", "versionStartIncluding": "23.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:beyondtrust:beyondinsight_password_safe:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B11F38B-D19C-4A46-91E0-22512C10FFAE", "versionEndExcluding": "23.3.0.959", "versionStartIncluding": "23.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:beyondtrust:beyondinsight_password_safe:24.1:*:*:*:*:*:*:*", "matchCriteriaId": "FFC9B4D8-DCF1-4E5A-BB34-CA64B559BA4B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de baja gravedad en BIPS donde un atacante con altos privilegios o una cuenta comprometida con altos privilegios puede sobrescribir reglas inteligentes de solo lectura a trav\u00e9s de una solicitud API especialmente manipulada."}], "id": "CVE-2024-5812", "lastModified": "2025-02-11T21:36:43.423", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 2.5, "source": "13061848-ea10-403d-bd75-c83a022c2891", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-11T16:15:29.207", "references": [{"source": "13061848-ea10-403d-bd75-c83a022c2891", "tags": ["Vendor Advisory"], "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-07"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-07"}], "sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "13061848-ea10-403d-bd75-c83a022c2891", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-290"}], "source": "nvd@nist.gov", "type": "Primary"}]}