Cross-Site Scripting Vulnerability in BeyondTrust Secure Remote Access Software
CVE-2021-31589

6.1MEDIUM

Key Information:

Vendor

Beyondtrust

Status
Appliance Base Software
Vendor
CVE Published:
5 January 2022

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 20%

What is CVE-2021-31589?

A cross-site scripting (XSS) vulnerability has been identified in BeyondTrust Secure Remote Access Base Software versions up to 6.0.1. This flaw allows attackers to execute arbitrary JavaScript code in the context of a user's session. If exploitation occurs, it can lead to the manipulation of user data and the execution of unintended actions on behalf of the affected user, ultimately compromising the application's security integrity. Proper input sanitization measures should be taken to mitigate the risk of such attacks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-31589
Created by karthi-the-hacker

References

https://www.beyondtrust.com/docs/release-notes/index.htm
x_refsource_MISC
http://packetstormsecurity.com/files/165408/BeyondTrust-R...
x_refsource_MISC
https://cxsecurity.com/issue/WLB-2022010013
x_refsource_MISC

EPSS Score

20% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2021-31589 : Cross-Site Scripting Vulnerability in BeyondTrust Secure Remote Access Software