CVE-2024-5812

Summary

A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.

Affected Software

VendorProductVersion RangeStatus
BeyondTrustBeyondInsight PasswordSafe24.1.0 < 24.1.1affected
BeyondTrustBeyondInsight PasswordSafe23.3.0 < 23.3.0.959affected
BeyondTrustBeyondInsight PasswordSafe23.2.0 < 23.2.0.1293affected

Weaknesses

  • CWE-290: CWE-290 Authentication Bypass by Spoofing

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References