A low-severity vulnerability has been identified in BeyondInsight Password Safe: an attacker with high privileges, or one who has compromised a high-privilege account, can overwrite Read-Only smart rules via a specially crafted API request.

Affected versions:

Product | Version |
---|---|
BeyondInsight Password Safe | 24.1 and prior |
BeyondInsight Password Safe | 23.3 versions before the .959 hotfix |
BeyondInsight Password Safe | 23.2 versions before the .1293 hotfix |

Fixed versions:

Product | Version |
---|---|
BeyondInsight Password Safe | 24.1.1 and later |
BeyondInsight Password Safe | 23.3.0.959 and later |
BeyondInsight Password Safe | 23.2.0.1293 and later |

BeyondTrust would like to acknowledge Christian Dölling for reporting this issue.