Alert icon Keyboard navigation enabled.
Alert icon TAB or Shift+TAB to navigate across. Down ↓ to open menu. ESC to close menu.
Alert icon Down ↓ to select section. Right → to activate. Up ↑ / Down ↓ / Tab to traverse all. ESC to exit.
BeyondTrust
Skip to content Use space or enter to skip.

What can we help you find today?

Instant Results
  • Website Results
  • Technical Documentation

Filter Options

Focus your search

Filtering by

Your recent searches:

Contact Us Chat with Sales Get Support
  • English
  • Deutsch
  • français
  • español
  • 한국어
  • português
  • Home
  • BT22-08 current page
Link copied

BT 22-08

Security Advisories

Advisory ID: BT22-08

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied
  • CVSSv3 Score: 5.5
  • Issue Date: 2020-08-01
  • Updated On: 2023-12-05
  • CVE(s): CVE-2020-28369

Synopsis:

DLL Hijacking in Privilege Management for Windows (PMfW) Installer

Impacted Product:

Privilege Management for Windows (PMfW)

Summary:

A medium-severity vulnerability was discovered and verified in BeyondTrust’s Privilege Management for Windows (PMfW) that allowed an attacker to hijack a DLL in the PMfW installer. The Privilege Management for Windows installer loads several DLLs during installation. In some instances, DLLs were loaded from user-controlled locations which could enable code injection.

Mitigation:

The search order of DLLs in the Privilege Management for Windows installer was changed to ensure only DLLs from trusted locations are loaded. This change was implemented in PMfW version 21.3. BeyondTrust recommends customers update to the latest version of PMfW as soon as possible.

Affected Versions

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied
Product Version
Privilege Management for Windows (PMfW) Prior to 23.1

Fixed Versions

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied
Product Version
Privilege Management for Windows (PMfW) 23.1 and above

Acknowledgements

White chain icon to symbolize the ability to copy a link
Link copied
Check mark to visually show text has been copied

BeyondTrust would like to acknowledge Lockheed Martin Red team for reporting this issue.

References:

  1. https://www.cve.org/CVERecord?id=CVE-2020-28369
  2. https://nvd.nist.gov/vuln/detail/CVE-2020-28369

Keep up with BeyondTrust

Customer Support Get Started
  • LinkedIn
  • X
  • Facebook
  • Instagram
  • Add BeyondTrust as a preferred source on Google
  • Privacy
  • Security
  • Manage Cookies
  • Do Not Sell My Data
  • WEEE Compliance

Copyright © 2003 — 2026 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Prefers reduced motion setting detected. Animations will now be reduced as a result.