Low Severity Vulnerability in BIPS Allows Overwriting of Read-Only Smart Rules via API Request
CVE-2024-5812

2.7LOW

Key Information:

Vendor: Beyondtrust
Status: Beyondinsight Passwordsafe
Vendor: CVE Published:; 11 June 2024

🔔 Create Beyondtrust Vulnerability Alert

What is CVE-2024-5812?

A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.

Affected Version(s)

BeyondInsight PasswordSafe 24.1.0 < 24.1.1

BeyondInsight PasswordSafe 23.3.0 < 23.3.0.959

BeyondInsight PasswordSafe 23.2.0 < 23.2.0.1293

References

https://www.beyondtrust.com/trust-center/security-advisor...

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
Jun 10, 2024

JSON