BeyondTrust - Secure Remote Access and Privileged Access Management

Advisory ID: BT24-07

  • CVSSv3 Score: 3.3

  • Severity: Low

  • Issue Date: 2024-06-11

  • CVE: CVE-2024-5812

Summary

A low severity vulnerability in BeyondInsight Password Safe has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.

Affected Versions

Product                        Version

BeyondInsight Password Safe    24.1 and prior
BeyondInsight Password Safe    23.3 versions before the .959 hotfix
BeyondInsight Password Safe    23.2 versions before the .1293 hotfix

Fixed Versions

Product                        Version

BeyondInsight Password Safe    24.1.1 and later
BeyondInsight Password Safe    23.3.0.959 and later
BeyondInsight Password Safe    23.2.0.1293 and later

Acknowledgements

BeyondTrust would like to acknowledge Christian Dölling for reporting this issue.