Filtered by vendor Beyondtrust Subscriptions
Total 31 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-3156 9 Beyondtrust, Debian, Fedoraproject and 6 more 38 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 35 more 2025-07-30 7.8 High
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVE-2024-12356 1 Beyondtrust 2 Privileged Remote Access, Remote Support 2025-07-30 9.8 Critical
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
CVE-2024-12686 1 Beyondtrust 2 Privileged Remote Access, Remote Support 2025-07-30 6.6 Medium
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
CVE-2025-2297 1 Beyondtrust 1 Privilege Management For Windows 2025-07-29 N/A
Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.
CVE-2025-6250 1 Beyondtrust 1 Privilege Management For Windows 2025-07-29 N/A
Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.
CVE-2025-0889 1 Beyondtrust 1 Privilege Management For Windows 2025-07-12 N/A
Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.
CVE-2025-5309 1 Beyondtrust 2 Privileged Remote Access, Remote Support 2025-06-19 N/A
The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.
CVE-2021-3187 2 Apple, Beyondtrust 2 Mac Os X, Privilege Management For Mac 2025-05-27 8.8 High
An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)
CVE-2025-0217 1 Beyondtrust 1 Privileged Remote Access 2025-05-05 N/A
BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions.
CVE-2017-5996 1 Beyondtrust 1 Remote Support 2025-04-20 7.8 High
The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions.
CVE-2024-25083 1 Beyondtrust 1 Privilege Management For Windows 2025-03-27 6.3 Medium
An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges.
CVE-2024-5812 1 Beyondtrust 1 Beyondinsight Password Safe 2025-02-11 3.3 Low
A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.
CVE-2024-5813 1 Beyondtrust 1 Beyondinsight Password Safe 2025-02-11 5.9 Medium
A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response.
CVE-2024-9110 1 Beyondtrust 1 Privileged Identity 2025-02-11 6.4 Medium
A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks.
CVE-2024-1591 1 Beyondtrust 1 Privilege Management For Windows 2025-02-07 3.3 Low
Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.
CVE-2024-4220 1 Beyondtrust 1 Beyondinsight 2024-11-21 4.3 Medium
Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames.
CVE-2024-4219 1 Beyondtrust 1 Beyondinsight 2024-11-21 4.8 Medium
Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability.
CVE-2024-4018 1 Beyondtrust 1 U-series Appliance 2024-11-21 8.8 High
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation.This issue affects U-Series Appliance: from 3.4 before 4.0.3.
CVE-2024-4017 1 Beyondtrust 1 U-series Appliance 2024-11-21 8.8 High
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading.This issue affects U-Series Appliance: from 3.4 before 4.0.3.
CVE-2023-4310 1 Beyondtrust 2 Privileged Remote Access, Remote Support 2024-11-21 9.8 Critical
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.