Search

Find a vulnerability

Search criteria

    75 vulnerabilities by beyondtrust

    CVE-2026-40141 (GCVE-0-2026-40141)

    Vulnerability from nvd – Published: 2026-07-06 16:13 – Updated: 2026-07-07 14:56
    VLAI
    Title
    High-Severity Vulnerability In Web Application Component of BeyondTrust Remote Support and Privileged Remote Access
    Summary
    A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to access unintended resources or data beyond their authorization scope. Exploitation is restricted to accounts with specific permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Remote Support Affected: 0 , ≤ 25.3.2 (custom)
    Create a notification for this product.
    BeyondTrust Privilege Remote Access Affected: 0 , ≤ 25.3.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40141",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:55:59.570650Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T18:56:11.968Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Privilege Remote Access",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003e\u003cspan\u003e\u003cspan\u003eA high-severity vulnerability exists in a web application \u003c/span\u003e\u003cspan\u003ecomponent\u003c/span\u003e\u003cspan\u003e of \u003c/span\u003e\u003cspan\u003eBeyondTrust\u003c/span\u003e\u003cspan\u003e Remote Support and Privileged Remote Access related to the processing of certain input parameters.\u0026nbsp;\u003c/span\u003e\u003c/span\u003eInsufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to access unintended resources or data beyond their authorization scope. Exploitation is restricted to accounts with specific permissions. \u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters.\u00a0Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to access unintended resources or data beyond their authorization scope. Exploitation is restricted to accounts with specific permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-943",
                  "description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T14:56:42.895Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "High-Severity Vulnerability In Web Application Component of BeyondTrust Remote Support and Privileged Remote Access",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2026-40141",
        "datePublished": "2026-07-06T16:13:42.284Z",
        "dateReserved": "2026-04-09T18:36:13.133Z",
        "dateUpdated": "2026-07-07T14:56:42.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40140 (GCVE-0-2026-40140)

    Vulnerability from nvd – Published: 2026-07-06 16:13 – Updated: 2026-07-07 15:01
    VLAI
    Title
    High-Severity Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
    Summary
    BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting appliance availability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    BT
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:55:25.321625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T18:55:46.474Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Privileged Remote Access",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003e\u003cspan\u003eBeyondTrust Remote Support and Privileged Remote Access \u003c/span\u003e\u003cspan\u003econtain\u003c/span\u003e\u003cspan\u003e \u003c/span\u003e\u003cspan\u003ea high\u003c/span\u003e\u003cspan\u003e-severity pre-authentication vulnerability in the network communication subsystem.\u0026nbsp;\u003c/span\u003e\u003c/span\u003eInsufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting appliance availability."
                }
              ],
              "value": "BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem.\u00a0Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting appliance availability."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-124",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-124 Shared Resource Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T15:01:24.511Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "High-Severity Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2026-40140",
        "datePublished": "2026-07-06T16:13:22.126Z",
        "dateReserved": "2026-04-09T18:36:13.133Z",
        "dateUpdated": "2026-07-07T15:01:24.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40139 (GCVE-0-2026-40139)

    Vulnerability from nvd – Published: 2026-07-06 16:13 – Updated: 2026-07-07 15:00
    VLAI
    Title
    Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
    Summary
    A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    BT
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T03:56:31.765Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Privileged Remote Access",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003e\u003cspan\u003eA critical pre-authentication vulnerability exists in the authentication subsystem of \u003c/span\u003e\u003cspan\u003eBeyondTrust\u003c/span\u003e\u003cspan\u003e Remote Support.\u0026nbsp;\u003c/span\u003e\u003c/span\u003eImproper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled."
                }
              ],
              "value": "A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support.\u00a0Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T15:00:13.079Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2026-40139",
        "datePublished": "2026-07-06T16:13:02.413Z",
        "dateReserved": "2026-04-09T18:36:13.133Z",
        "dateUpdated": "2026-07-07T15:00:13.079Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40138 (GCVE-0-2026-40138)

    Vulnerability from nvd – Published: 2026-07-06 16:12 – Updated: 2026-07-07 14:59
    VLAI
    Title
    Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
    Summary
    A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    BT
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T03:56:32.836Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Privileged Remote Access",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eA critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T14:59:19.946Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2026-40138",
        "datePublished": "2026-07-06T16:12:42.627Z",
        "dateReserved": "2026-04-09T18:36:13.133Z",
        "dateUpdated": "2026-07-07T14:59:19.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1731 (GCVE-0-2026-1731)

    Vulnerability from nvd – Published: 2026-02-06 21:49 – Updated: 2026-02-26 15:04
    VLAI CISA ENISA KEVIntel
    Title
    Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
    Summary
    BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Remote Support(RS) & Privileged Remote Access(PRA) Affected: 0 , ≤ RS 25.3.1 (custom)
    Affected: 0 , ≤ PRA 24.3.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1731",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-14T04:55:25.328322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-02-13",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:15.451Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/win3zz/CVE-2026-1731"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731"
              },
              {
                "tags": [
                  "third-party-advisory"
                ],
                "url": "https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-13T00:00:00.000Z",
                "value": "CVE-2026-1731 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "RS 25.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "PRA 24.3.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-06T21:49:20.844Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article\u0026sysparm_article=KB0023293"
            },
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-02"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2026-1731",
        "datePublished": "2026-02-06T21:49:20.844Z",
        "dateReserved": "2026-01-31T23:54:56.922Z",
        "dateUpdated": "2026-02-26T15:04:15.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1232 (GCVE-0-2026-1232)

    Vulnerability from nvd – Published: 2026-02-02 16:18 – Updated: 2026-02-02 16:35
    VLAI
    Title
    Anti-Tamper Bypass in BeyondTrust Privilege Management for Windows
    Summary
    A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    BT
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1232",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-02T16:35:19.653452Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-02T16:35:48.876Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Privilege management for Windows",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "cpe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions \u0026lt;=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product\u2019s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration.\u003c/span\u003e"
                }
              ],
              "value": "A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions \u003c=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product\u2019s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-02T16:18:47.242Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-01"
            },
            {
              "url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view\u0026sysparm_article=KB0023100"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Anti-Tamper Bypass in BeyondTrust Privilege Management for Windows",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2026-1232",
        "datePublished": "2026-02-02T16:18:47.242Z",
        "dateReserved": "2026-01-20T15:30:42.757Z",
        "dateUpdated": "2026-02-02T16:35:48.876Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-6250 (GCVE-0-2025-6250)

    Vulnerability from nvd – Published: 2025-07-28 15:40 – Updated: 2025-07-28 17:22
    VLAI
    Title
    Privilege Management for Windows - Elevation of Privilege
    Summary
    Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Privilege Management for Windows Affected: 0 , < <25.4.270 (cpe)
    Create a notification for this product.
    Credits
    MSG Systems AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6250",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-28T17:22:35.364250Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-28T17:22:45.226Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Privilege Management for Windows",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThan": "\u003c25.4.270",
                  "status": "affected",
                  "version": "0",
                  "versionType": "cpe"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "MSG Systems AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.\u0026nbsp;"
                }
              ],
              "value": "Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-424",
                  "description": "CWE-424",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-28T15:40:28.381Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-06"
            }
          ],
          "source": {
            "advisory": "bt25-06",
            "discovery": "UNKNOWN"
          },
          "title": "Privilege Management for Windows - Elevation of Privilege",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2025-6250",
        "datePublished": "2025-07-28T15:40:28.381Z",
        "dateReserved": "2025-06-18T18:48:28.860Z",
        "dateUpdated": "2025-07-28T17:22:45.226Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2297 (GCVE-0-2025-2297)

    Vulnerability from nvd – Published: 2025-07-28 15:40 – Updated: 2025-07-28 17:22
    VLAI
    Title
    Privilege Management for Windows - Elevation of Privilege
    Summary
    Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Privilege Management for Windows Affected: 0 , < <25.4.270 (cpe)
    Create a notification for this product.
    Credits
    Lukasz Piotrowski Marius Kotlarz
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-28T17:22:05.722414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-28T17:22:18.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Privilege Management for Windows",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThan": "\u003c25.4.270",
                  "status": "affected",
                  "version": "0",
                  "versionType": "cpe"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Lukasz Piotrowski"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Marius Kotlarz"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.\u003cbr\u003e"
                }
              ],
              "value": "Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-268",
                  "description": "CWE-268",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-28T15:40:14.633Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-05"
            }
          ],
          "source": {
            "advisory": "BT25-05",
            "discovery": "UNKNOWN"
          },
          "title": "Privilege Management for Windows - Elevation of Privilege",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2025-2297",
        "datePublished": "2025-07-28T15:40:14.633Z",
        "dateReserved": "2025-03-13T21:22:29.654Z",
        "dateUpdated": "2025-07-28T17:22:18.590Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-5309 (GCVE-0-2025-5309)

    Vulnerability from nvd – Published: 2025-06-16 16:06 – Updated: 2026-02-26 17:50
    VLAI
    Title
    Remote Support & Privileged Remote Access server side template injection
    Summary
    The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Remote support & Privileged Remote Access Affected: 24.2.2 , ≤ 24.2.4 (custom)
    Affected: 24.3.1 , ≤ 24.3.3 (custom)
    Affected: 25.1.1 (custom)
    Create a notification for this product.
    BeyondTrust Remote Support(RS) & Privileged Remote Access(PRA) Affected: 24.2.2 , ≤ 24.2.4 (custom)
    Affected: 24.3.1 , ≤ 24.3.4 (custom)
    Affected: 25.1.1 (custom)
    Create a notification for this product.
    Credits
    Jorren Geurts of Resillion
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5309",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-19T03:55:07.428165Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:35.531Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote support \u0026 Privileged Remote Access",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "24.2.4",
                  "status": "affected",
                  "version": "24.2.2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "24.3.3",
                  "status": "affected",
                  "version": "24.3.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "25.1.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "24.2.4",
                  "status": "affected",
                  "version": "24.2.2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "24.3.4",
                  "status": "affected",
                  "version": "24.3.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "25.1.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jorren Geurts of Resillion"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-16T23:11:53.479Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote Support \u0026 Privileged Remote Access server side template injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2025-5309",
        "datePublished": "2025-06-16T16:06:14.413Z",
        "dateReserved": "2025-05-28T17:50:50.656Z",
        "dateUpdated": "2026-02-26T17:50:35.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-0217 (GCVE-0-2025-0217)

    Vulnerability from nvd – Published: 2025-05-05 17:00 – Updated: 2025-11-03 19:35
    VLAI
    Title
    Privileged Remote Access Authentication Bypass
    Summary
    BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Privileged Remote Access Affected: 0 , < 25.1.1 (custom)
    Create a notification for this product.
    Credits
    Paul Szabo of the University of Sydney
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0217",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-05T17:14:56.030570Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T17:15:02.220Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:35:05.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2025/May/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Privileged Remote Access",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThan": "25.1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Paul Szabo of the University of Sydney"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions."
                }
              ],
              "value": "BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-05T17:00:05.244Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Privileged Remote Access Authentication Bypass",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2025-0217",
        "datePublished": "2025-05-05T17:00:05.244Z",
        "dateReserved": "2025-01-03T22:06:31.577Z",
        "dateUpdated": "2025-11-03T19:35:05.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-0889 (GCVE-0-2025-0889)

    Vulnerability from nvd – Published: 2025-02-26 01:41 – Updated: 2025-02-26 15:43
    VLAI
    Title
    Privilege Management for Windows – Elevation of Privilege
    Summary
    Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    BT
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0889",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T14:46:53.686658Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-26T15:43:14.546Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Privilege Management for Windows",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThan": "25.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.\u0026nbsp;"
                }
              ],
              "value": "Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-268",
                  "description": "CWE-268",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-26T01:41:25.407Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-01"
            }
          ],
          "source": {
            "advisory": "https://www.beyondtrust.com/trust-center/security-advisories/bt2",
            "discovery": "UNKNOWN"
          },
          "title": "Privilege Management for Windows \u2013 Elevation of Privilege",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2025-0889",
        "datePublished": "2025-02-26T01:41:25.407Z",
        "dateReserved": "2025-01-30T17:52:42.202Z",
        "dateUpdated": "2025-02-26T15:43:14.546Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-12686 (GCVE-0-2024-12686)

    Vulnerability from nvd – Published: 2024-12-18 20:23 – Updated: 2025-10-21 22:55
    VLAI CISA KEVIntel
    Title
    Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA)
    Summary
    A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    BT
    Impacted products
    Date Public
    2024-12-18 19:41
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12686",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T15:32:45.601180Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-01-13",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12686"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T22:55:34.086Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12686"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-01-13T00:00:00.000Z",
                "value": "CVE-2024-12686 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "24.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-12-18T19:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T20:23:57.909Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12686"
            },
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-11"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection vulnerability in Remote Support(RS) \u0026 Privilege Remote Access (PRA)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2024-12686",
        "datePublished": "2024-12-18T20:23:57.909Z",
        "dateReserved": "2024-12-16T18:58:57.921Z",
        "dateUpdated": "2025-10-21T22:55:34.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-12356 (GCVE-0-2024-12356)

    Vulnerability from nvd – Published: 2024-12-17 04:29 – Updated: 2025-10-21 22:55
    VLAI CISA KEVIntel
    Title
    Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA)
    Summary
    A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    BT
    Impacted products
    Date Public
    2024-12-17 04:28
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12356",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-19T18:04:49.357119Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2024-12-19",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12356"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T22:55:34.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12356"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2024-12-19T00:00:00.000Z",
                "value": "CVE-2024-12356 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-02-17T20:34:17.077Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "24.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Privileged Remote Access",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "24.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-12-17T04:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-29T19:35:07.022Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2024-12356"
            },
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12356"
            },
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-10"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection Vulnerability in Remote Support(RS) \u0026 Privileged Remote Access (PRA)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2024-12356",
        "datePublished": "2024-12-17T04:29:07.883Z",
        "dateReserved": "2024-12-08T18:31:21.494Z",
        "dateUpdated": "2025-10-21T22:55:34.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-9110 (GCVE-0-2024-9110)

    Vulnerability from nvd – Published: 2024-10-30 16:57 – Updated: 2024-11-01 19:39
    VLAI
    Title
    Cross-Site Scripting In Privileged Identity
    Summary
    A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Privileged Identity Affected: 0 , < 7.4.2 (custom)
    Create a notification for this product.
    beyondtrust privileged_identity Affected: 0 , < 7.4.2 (custom)
        cpe:2.3:a:beyondtrust:privileged_identity:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-30 16:32
    Credits
    Jonathan Birch (jobirch@exchange.microsoft.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:beyondtrust:privileged_identity:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "privileged_identity",
                "vendor": "beyondtrust",
                "versions": [
                  {
                    "lessThan": "7.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9110",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-30T17:26:50.357222Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T17:32:37.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Privileged Identity",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThan": "7.4.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jonathan Birch (jobirch@exchange.microsoft.com)"
            }
          ],
          "datePublic": "2024-10-30T16:32:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks."
                }
              ],
              "value": "A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-01T19:39:41.922Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-09"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting In Privileged Identity",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2024-9110",
        "datePublished": "2024-10-30T16:57:39.549Z",
        "dateReserved": "2024-09-23T17:45:22.394Z",
        "dateUpdated": "2024-11-01T19:39:41.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-5813 (GCVE-0-2024-5813)

    Vulnerability from nvd – Published: 2024-06-11 15:34 – Updated: 2024-08-01 21:25
    VLAI
    Title
    SSH Private Key Leak in BeyondInsight PasswordSafe
    Summary
    A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust BeyondInsight PasswordSafe Affected: 23.3 , < 23.3.0.929 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-5813",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-11T16:51:05.940606Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-11T16:51:18.689Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:25:02.822Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-08"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "BeyondInsight PasswordSafe",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThan": "23.3.0.929",
                  "status": "affected",
                  "version": "23.3",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response.\u003cbr\u003e\u003c/p\u003e"
                }
              ],
              "value": "A medium severity vulnerability in BIPS has been identified where an authenticated attacker with high privileges can access the SSH private keys via an information leak in the server response."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-410",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-410 Information Elicitation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-11T15:34:57.818Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-08"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SSH Private Key Leak in BeyondInsight PasswordSafe",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2024-5813",
        "datePublished": "2024-06-11T15:34:57.818Z",
        "dateReserved": "2024-06-10T19:32:51.897Z",
        "dateUpdated": "2024-08-01T21:25:02.822Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-40141 (GCVE-0-2026-40141)

    Vulnerability from cvelistv5 – Published: 2026-07-06 16:13 – Updated: 2026-07-07 14:56
    VLAI
    Title
    High-Severity Vulnerability In Web Application Component of BeyondTrust Remote Support and Privileged Remote Access
    Summary
    A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to access unintended resources or data beyond their authorization scope. Exploitation is restricted to accounts with specific permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-943 - Improper Neutralization of Special Elements in Data Query Logic
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Remote Support Affected: 0 , ≤ 25.3.2 (custom)
    Create a notification for this product.
    BeyondTrust Privilege Remote Access Affected: 0 , ≤ 25.3.2 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40141",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:55:59.570650Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T18:56:11.968Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Privilege Remote Access",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cp\u003e\u003cspan\u003e\u003cspan\u003eA high-severity vulnerability exists in a web application \u003c/span\u003e\u003cspan\u003ecomponent\u003c/span\u003e\u003cspan\u003e of \u003c/span\u003e\u003cspan\u003eBeyondTrust\u003c/span\u003e\u003cspan\u003e Remote Support and Privileged Remote Access related to the processing of certain input parameters.\u0026nbsp;\u003c/span\u003e\u003c/span\u003eInsufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to access unintended resources or data beyond their authorization scope. Exploitation is restricted to accounts with specific permissions. \u003c/p\u003e\u003c/div\u003e"
                }
              ],
              "value": "A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters.\u00a0Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to access unintended resources or data beyond their authorization scope. Exploitation is restricted to accounts with specific permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-66",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-66 SQL Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-943",
                  "description": "CWE-943 Improper Neutralization of Special Elements in Data Query Logic",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T14:56:42.895Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "High-Severity Vulnerability In Web Application Component of BeyondTrust Remote Support and Privileged Remote Access",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2026-40141",
        "datePublished": "2026-07-06T16:13:42.284Z",
        "dateReserved": "2026-04-09T18:36:13.133Z",
        "dateUpdated": "2026-07-07T14:56:42.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40140 (GCVE-0-2026-40140)

    Vulnerability from cvelistv5 – Published: 2026-07-06 16:13 – Updated: 2026-07-07 15:01
    VLAI
    Title
    High-Severity Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
    Summary
    BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting appliance availability.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    BT
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40140",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T18:55:25.321625Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T18:55:46.474Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Privileged Remote Access",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003e\u003cspan\u003eBeyondTrust Remote Support and Privileged Remote Access \u003c/span\u003e\u003cspan\u003econtain\u003c/span\u003e\u003cspan\u003e \u003c/span\u003e\u003cspan\u003ea high\u003c/span\u003e\u003cspan\u003e-severity pre-authentication vulnerability in the network communication subsystem.\u0026nbsp;\u003c/span\u003e\u003c/span\u003eInsufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting appliance availability."
                }
              ],
              "value": "BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem.\u00a0Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting appliance availability."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-124",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-124 Shared Resource Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T15:01:24.511Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "High-Severity Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2026-40140",
        "datePublished": "2026-07-06T16:13:22.126Z",
        "dateReserved": "2026-04-09T18:36:13.133Z",
        "dateUpdated": "2026-07-07T15:01:24.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40139 (GCVE-0-2026-40139)

    Vulnerability from cvelistv5 – Published: 2026-07-06 16:13 – Updated: 2026-07-07 15:00
    VLAI
    Title
    Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
    Summary
    A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    BT
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T03:56:31.765Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Privileged Remote Access",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan\u003e\u003cspan\u003eA critical pre-authentication vulnerability exists in the authentication subsystem of \u003c/span\u003e\u003cspan\u003eBeyondTrust\u003c/span\u003e\u003cspan\u003e Remote Support.\u0026nbsp;\u003c/span\u003e\u003c/span\u003eImproper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled."
                }
              ],
              "value": "A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support.\u00a0Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T15:00:13.079Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2026-40139",
        "datePublished": "2026-07-06T16:13:02.413Z",
        "dateReserved": "2026-04-09T18:36:13.133Z",
        "dateUpdated": "2026-07-07T15:00:13.079Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-40138 (GCVE-0-2026-40138)

    Vulnerability from cvelistv5 – Published: 2026-07-06 16:12 – Updated: 2026-07-07 14:59
    VLAI
    Title
    Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
    Summary
    A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    BT
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-40138",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T03:56:32.836Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Privileged Remote Access",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eA critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T14:59:19.946Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2026-40138",
        "datePublished": "2026-07-06T16:12:42.627Z",
        "dateReserved": "2026-04-09T18:36:13.133Z",
        "dateUpdated": "2026-07-07T14:59:19.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1731 (GCVE-0-2026-1731)

    Vulnerability from cvelistv5 – Published: 2026-02-06 21:49 – Updated: 2026-02-26 15:04
    VLAI CISA ENISA KEVIntel
    Title
    Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
    Summary
    BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Remote Support(RS) & Privileged Remote Access(PRA) Affected: 0 , ≤ RS 25.3.1 (custom)
    Affected: 0 , ≤ PRA 24.3.4 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1731",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-14T04:55:25.328322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-02-13",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T15:04:15.451Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/win3zz/CVE-2026-1731"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731"
              },
              {
                "tags": [
                  "third-party-advisory"
                ],
                "url": "https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-13T00:00:00.000Z",
                "value": "CVE-2026-1731 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "RS 25.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "PRA 24.3.4",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-06T21:49:20.844Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article\u0026sysparm_article=KB0023293"
            },
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-02"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2026-1731",
        "datePublished": "2026-02-06T21:49:20.844Z",
        "dateReserved": "2026-01-31T23:54:56.922Z",
        "dateUpdated": "2026-02-26T15:04:15.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-1232 (GCVE-0-2026-1232)

    Vulnerability from cvelistv5 – Published: 2026-02-02 16:18 – Updated: 2026-02-02 16:35
    VLAI
    Title
    Anti-Tamper Bypass in BeyondTrust Privilege Management for Windows
    Summary
    A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    BT
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-1232",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-02T16:35:19.653452Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-02T16:35:48.876Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Privilege management for Windows",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "25.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "cpe"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions \u0026lt;=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product\u2019s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration.\u003c/span\u003e"
                }
              ],
              "value": "A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions \u003c=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product\u2019s anti-tamper protections, which could allow access to protected application components and the ability to modify product configuration."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-122",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-122 Privilege Abuse"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-02T16:18:47.242Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-01"
            },
            {
              "url": "https://beyondtrustcorp.service-now.com/csm?id=kb_article_view\u0026sysparm_article=KB0023100"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Anti-Tamper Bypass in BeyondTrust Privilege Management for Windows",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2026-1232",
        "datePublished": "2026-02-02T16:18:47.242Z",
        "dateReserved": "2026-01-20T15:30:42.757Z",
        "dateUpdated": "2026-02-02T16:35:48.876Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-6250 (GCVE-0-2025-6250)

    Vulnerability from cvelistv5 – Published: 2025-07-28 15:40 – Updated: 2025-07-28 17:22
    VLAI
    Title
    Privilege Management for Windows - Elevation of Privilege
    Summary
    Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Privilege Management for Windows Affected: 0 , < <25.4.270 (cpe)
    Create a notification for this product.
    Credits
    MSG Systems AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-6250",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-28T17:22:35.364250Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-28T17:22:45.226Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Privilege Management for Windows",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThan": "\u003c25.4.270",
                  "status": "affected",
                  "version": "0",
                  "versionType": "cpe"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "MSG Systems AG"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions.\u0026nbsp;"
                }
              ],
              "value": "Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing anti-tamper protections. Once the service is disabled, the malicious user can add themselves to Administrators group and run any process with elevated permissions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-424",
                  "description": "CWE-424",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-28T15:40:28.381Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-06"
            }
          ],
          "source": {
            "advisory": "bt25-06",
            "discovery": "UNKNOWN"
          },
          "title": "Privilege Management for Windows - Elevation of Privilege",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2025-6250",
        "datePublished": "2025-07-28T15:40:28.381Z",
        "dateReserved": "2025-06-18T18:48:28.860Z",
        "dateUpdated": "2025-07-28T17:22:45.226Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-2297 (GCVE-0-2025-2297)

    Vulnerability from cvelistv5 – Published: 2025-07-28 15:40 – Updated: 2025-07-28 17:22
    VLAI
    Title
    Privilege Management for Windows - Elevation of Privilege
    Summary
    Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Privilege Management for Windows Affected: 0 , < <25.4.270 (cpe)
    Create a notification for this product.
    Credits
    Lukasz Piotrowski Marius Kotlarz
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-2297",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-28T17:22:05.722414Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-28T17:22:18.590Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Privilege Management for Windows",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThan": "\u003c25.4.270",
                  "status": "affected",
                  "version": "0",
                  "versionType": "cpe"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Lukasz Piotrowski"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Marius Kotlarz"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator.\u003cbr\u003e"
                }
              ],
              "value": "Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This allows users with the ability to edit their user profile files to elevate their privileges to administrator."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-268",
                  "description": "CWE-268",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-28T15:40:14.633Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-05"
            }
          ],
          "source": {
            "advisory": "BT25-05",
            "discovery": "UNKNOWN"
          },
          "title": "Privilege Management for Windows - Elevation of Privilege",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2025-2297",
        "datePublished": "2025-07-28T15:40:14.633Z",
        "dateReserved": "2025-03-13T21:22:29.654Z",
        "dateUpdated": "2025-07-28T17:22:18.590Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-5309 (GCVE-0-2025-5309)

    Vulnerability from cvelistv5 – Published: 2025-06-16 16:06 – Updated: 2026-02-26 17:50
    VLAI
    Title
    Remote Support & Privileged Remote Access server side template injection
    Summary
    The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Remote support & Privileged Remote Access Affected: 24.2.2 , ≤ 24.2.4 (custom)
    Affected: 24.3.1 , ≤ 24.3.3 (custom)
    Affected: 25.1.1 (custom)
    Create a notification for this product.
    BeyondTrust Remote Support(RS) & Privileged Remote Access(PRA) Affected: 24.2.2 , ≤ 24.2.4 (custom)
    Affected: 24.3.1 , ≤ 24.3.4 (custom)
    Affected: 25.1.1 (custom)
    Create a notification for this product.
    Credits
    Jorren Geurts of Resillion
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-5309",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-19T03:55:07.428165Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T17:50:35.531Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote support \u0026 Privileged Remote Access",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "24.2.4",
                  "status": "affected",
                  "version": "24.2.2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "24.3.3",
                  "status": "affected",
                  "version": "24.3.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "25.1.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "24.2.4",
                  "status": "affected",
                  "version": "24.2.2",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "24.3.4",
                  "status": "affected",
                  "version": "24.3.1",
                  "versionType": "custom"
                },
                {
                  "status": "affected",
                  "version": "25.1.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jorren Geurts of Resillion"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-248",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-248 Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-16T23:11:53.479Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote Support \u0026 Privileged Remote Access server side template injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2025-5309",
        "datePublished": "2025-06-16T16:06:14.413Z",
        "dateReserved": "2025-05-28T17:50:50.656Z",
        "dateUpdated": "2026-02-26T17:50:35.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-0217 (GCVE-0-2025-0217)

    Vulnerability from cvelistv5 – Published: 2025-05-05 17:00 – Updated: 2025-11-03 19:35
    VLAI
    Title
    Privileged Remote Access Authentication Bypass
    Summary
    BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Privileged Remote Access Affected: 0 , < 25.1.1 (custom)
    Create a notification for this product.
    Credits
    Paul Szabo of the University of Sydney
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0217",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-05T17:14:56.030570Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-05T17:15:02.220Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T19:35:05.560Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2025/May/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Privileged Remote Access",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThan": "25.1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Paul Szabo of the University of Sydney"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions."
                }
              ],
              "value": "BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-115",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-115 Authentication Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-05T17:00:05.244Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-03"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Privileged Remote Access Authentication Bypass",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2025-0217",
        "datePublished": "2025-05-05T17:00:05.244Z",
        "dateReserved": "2025-01-03T22:06:31.577Z",
        "dateUpdated": "2025-11-03T19:35:05.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-0889 (GCVE-0-2025-0889)

    Vulnerability from cvelistv5 – Published: 2025-02-26 01:41 – Updated: 2025-02-26 15:43
    VLAI
    Title
    Privilege Management for Windows – Elevation of Privilege
    Summary
    Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    BT
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0889",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-26T14:46:53.686658Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-26T15:43:14.546Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Privilege Management for Windows",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThan": "25.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process.\u0026nbsp;"
                }
              ],
              "value": "Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "LOCAL",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-268",
                  "description": "CWE-268",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-02-26T01:41:25.407Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt25-01"
            }
          ],
          "source": {
            "advisory": "https://www.beyondtrust.com/trust-center/security-advisories/bt2",
            "discovery": "UNKNOWN"
          },
          "title": "Privilege Management for Windows \u2013 Elevation of Privilege",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2025-0889",
        "datePublished": "2025-02-26T01:41:25.407Z",
        "dateReserved": "2025-01-30T17:52:42.202Z",
        "dateUpdated": "2025-02-26T15:43:14.546Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-12686 (GCVE-0-2024-12686)

    Vulnerability from cvelistv5 – Published: 2024-12-18 20:23 – Updated: 2025-10-21 22:55
    VLAI CISA KEVIntel
    Title
    Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA)
    Summary
    A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    BT
    Impacted products
    Date Public
    2024-12-18 19:41
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12686",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-13T15:32:45.601180Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-01-13",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12686"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T22:55:34.086Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12686"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-01-13T00:00:00.000Z",
                "value": "CVE-2024-12686 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "24.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-12-18T19:41:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-12-18T20:23:57.909Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12686"
            },
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-11"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection vulnerability in Remote Support(RS) \u0026 Privilege Remote Access (PRA)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2024-12686",
        "datePublished": "2024-12-18T20:23:57.909Z",
        "dateReserved": "2024-12-16T18:58:57.921Z",
        "dateUpdated": "2025-10-21T22:55:34.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-12356 (GCVE-0-2024-12356)

    Vulnerability from cvelistv5 – Published: 2024-12-17 04:29 – Updated: 2025-10-21 22:55
    VLAI CISA KEVIntel
    Title
    Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA)
    Summary
    A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    BT
    Impacted products
    Date Public
    2024-12-17 04:28
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12356",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-19T18:04:49.357119Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2024-12-19",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12356"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T22:55:34.239Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-12356"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2024-12-19T00:00:00.000Z",
                "value": "CVE-2024-12356 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-02-17T20:34:17.077Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis"
              }
            ],
            "title": "CVE Program Container",
            "x_generator": {
              "engine": "ADPogram 0.0.1"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Remote Support",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "24.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Privileged Remote Access",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThanOrEqual": "24.3.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2024-12-17T04:28:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-29T19:35:07.022Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2024-12356"
            },
            {
              "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12356"
            },
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-10"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Command Injection Vulnerability in Remote Support(RS) \u0026 Privileged Remote Access (PRA)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2024-12356",
        "datePublished": "2024-12-17T04:29:07.883Z",
        "dateReserved": "2024-12-08T18:31:21.494Z",
        "dateUpdated": "2025-10-21T22:55:34.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-9110 (GCVE-0-2024-9110)

    Vulnerability from cvelistv5 – Published: 2024-10-30 16:57 – Updated: 2024-11-01 19:39
    VLAI
    Title
    Cross-Site Scripting In Privileged Identity
    Summary
    A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    BT
    Impacted products
    Vendor Product Version
    BeyondTrust Privileged Identity Affected: 0 , < 7.4.2 (custom)
    Create a notification for this product.
    beyondtrust privileged_identity Affected: 0 , < 7.4.2 (custom)
        cpe:2.3:a:beyondtrust:privileged_identity:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-10-30 16:32
    Credits
    Jonathan Birch (jobirch@exchange.microsoft.com)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:beyondtrust:privileged_identity:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "privileged_identity",
                "vendor": "beyondtrust",
                "versions": [
                  {
                    "lessThan": "7.4.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-9110",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-30T17:26:50.357222Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T17:32:37.416Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Privileged Identity",
              "vendor": "BeyondTrust",
              "versions": [
                {
                  "lessThan": "7.4.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jonathan Birch (jobirch@exchange.microsoft.com)"
            }
          ],
          "datePublic": "2024-10-30T16:32:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks."
                }
              ],
              "value": "A medium severity vulnerability has been identified within Privileged Identity which can allow an attacker to perform reflected cross-site scripting attacks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-591",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-591"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-01T19:39:41.922Z",
            "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
            "shortName": "BT"
          },
          "references": [
            {
              "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-09"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting In Privileged Identity",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "assignerShortName": "BT",
        "cveId": "CVE-2024-9110",
        "datePublished": "2024-10-30T16:57:39.549Z",
        "dateReserved": "2024-09-23T17:45:22.394Z",
        "dateUpdated": "2024-11-01T19:39:41.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-202101-1926

    Vulnerability from variot - Updated: 2026-03-09 22:27

    Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. A heap-based overflow has been discovered in the set_cmd() function in sudo, which may allow a local attacker to execute commands with elevated administrator privileges.CVE-2021-3156 AffectedCVE-2021-3156 Affected. Any local user (sudoers and non-sudoers) can exploit this flaw for root privilege escalation.

    For the stable distribution (buster), this problem has been fixed in version 1.8.27-1+deb10u3.

    We recommend that you upgrade your sudo packages.

    For the detailed security status of sudo please refer to its security tracker page at: https://security-tracker.debian.org/tracker/sudo

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAQWctfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Qr2w/5AfAZMSbKestTzvm22w+T5yReGOd2jYXO2SzdqdkIzOVXJ83RrbogkiyK d1ie47Csw51M8L5eT/kf48vkABPqT9S0dlRI7rQ2xbIDWIUcDpnFNCSclSGjI+Sd HqtaQQbR+MdSjGtC8vc8RVEOEQcVvoXrqDPaEniWjA4uTV7Iqj0P3EpH1XolVlZv lw4ZZ+VdDolxhm1QWp/NiMKUlDpv5RLs6jW0oQAKP1RZqMIX44TSEHil/NEs6VeN u5AFUwo5iwYRCUbgi2mB0GxV4CRyb0IN26pGsltYJsReFL1vCMiO9drGMk/WhlqB NGKeF5rLsMKaJCkBEcMntDG1XtFhXuyak2O4atL7H8CwhBZ81Axe+aAynn7IB99B qx3GLfRNSVKHQHBHWEOxqILCS+xWmvL6/uB6xMaAh5CXxhEgs9BIEiPonccmkzQ9 xj6Uw/aWv9ZOUu+Rwmp+bG/V8DKaFKegaQAy0HnhOZ11ruJJB/YicTXSsbxoLSEt hbd0bYAOrZBqcysH8Ed+R2tGxtjoWIDLcv3uUqmttxgd8E5YpGGngaYBleGCnB0s X3JDyd1pvBu7H0vR5k2bVNgm4qQ27jHmeNKRSpvUZv50mRX8NQyv/rrROwkUsVdI 1EnlHYz0E4BUfb15ECWLfN9BM/MyPhkdKadIrrd+zJEwq+KVcHo= =d9gQ -----END PGP SIGNATURE----- . Relevant releases/architectures:

    RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64 Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch

    1. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

    Bug Fix(es):

    • Previously, the Red Hat Virtualization Host (RHV-H) repository (rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package, which is a dependency for the sssd-ad package. Consequently, the sssd-ad package failed to install.

    With this update, the libsmbclient is now in the RHV-H repository, and sssd-ad now installs on RHV-H. (BZ#1868967)

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1850939 - Hosted engine deployment does not properly show iSCSI LUN errors 1868967 - sssd-ad installation fails on RHV-H 4.4 due to missing libsmbclient from samba package in rhvh-4-for-rhel-8-x86_64-rpms channel 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 1902315 - Rebase RHV-H 4.4 to RHV 4.4.4 1902646 - ssh connection fails due to overly permissive openssh.config file permissions 1909644 - HE deploy failed with "Failed to download metadata for repo 'rhel-8-for-x86_64-baseos-beta-rpms': Cannot download repomd.xml 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing 1921553 - RHVH upgrade to the latest 4.4.4-1 build will fail due to FileNotFoundError 1923126 - Hosted Engine setup fails on storage selection - Retrieval of iSCSI targets failed. 8.1) - aarch64, ppc64le, s390x, x86_64

    1. 6 ELS) - i386, s390x, x86_64

    2. ========================================================================== Ubuntu Security Notice USN-4705-2 January 27, 2021

    sudo vulnerability

    A security issue affects these releases of Ubuntu and its derivatives:

    • Ubuntu 14.04 ESM
    • Ubuntu 12.04 ESM

    Summary:

    Several security issues were fixed in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

    Original advisory details:

    It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. (CVE-2021-3156)

    Update instructions:

    The problem can be corrected by updating your system to the following package versions:

    Ubuntu 14.04 ESM: sudo 1.8.9p5-1ubuntu1.5+esm6

    Ubuntu 12.04 ESM: sudo 1.8.3p1-1ubuntu3.10

    In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

    ====================================================================
    Red Hat Security Advisory

    Synopsis: Important: sudo security update Advisory ID: RHSA-2021:0224-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0224 Issue date: 2021-01-26 CVE Names: CVE-2021-3156 ==================================================================== 1. Summary:

    An update for sudo is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions.

    Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

    1. Relevant releases/architectures:

    Red Hat Enterprise Linux Server AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.4) - x86_64

    1. Description:

    The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

    Security Fix(es):

    • sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

    1. Solution:

    For details on how to apply this update, which includes the changes described in this advisory, refer to:

    https://access.redhat.com/articles/11258

    1. Bugs fixed (https://bugzilla.redhat.com/):

    1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing

    1. Package List:

    Red Hat Enterprise Linux Server AUS (v. 7.4):

    Source: sudo-1.8.19p2-12.el7_4.2.src.rpm

    x86_64: sudo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm

    Red Hat Enterprise Linux Server E4S (v. 7.4):

    Source: sudo-1.8.19p2-12.el7_4.2.src.rpm

    ppc64le: sudo-1.8.19p2-12.el7_4.2.ppc64le.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.ppc64le.rpm

    x86_64: sudo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm

    Red Hat Enterprise Linux Server TUS (v. 7.4):

    Source: sudo-1.8.19p2-12.el7_4.2.src.rpm

    x86_64: sudo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm

    Red Hat Enterprise Linux Server Optional AUS (v. 7.4):

    x86_64: sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm

    Red Hat Enterprise Linux Server Optional E4S (v. 7.4):

    ppc64le: sudo-debuginfo-1.8.19p2-12.el7_4.2.ppc64le.rpm sudo-devel-1.8.19p2-12.el7_4.2.ppc64le.rpm

    x86_64: sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm

    Red Hat Enterprise Linux Server Optional TUS (v. 7.4):

    x86_64: sudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm sudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm sudo-devel-1.8.19p2-12.el7_4.2.i686.rpm sudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm

    These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

    1. References:

    https://access.redhat.com/security/cve/CVE-2021-3156 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-002

    1. Contact:

    The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

    Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

    iQIVAwUBYBB1htzjgjWX9erEAQjwNQ/9HBoqYFsK25G0+2QKqO2FTwr0G7P5gx3n 93VL0desDcpNXLdd4lwWcx1gAQkKSiYtMyFl5JdrqTznudDPo/V4dPBbPl3hkIr8 zGiiKTDErT2MeCm5T4RXJVFzCCJA78io7MENH0Wr0SVTybjljKs1m06egY120kC0 ax3v92dap0K6KNAlVLscRzc2p0veauF+cfpk+5+Zomzw89QRTrWYt7BBxUxFsk2u sS0t9cmT3UURXjsqdDjMmilxWbqmKzKePhWeCfu8zBNc+TacLSXBqZmPgSlB1V5U WTzSNIu3AGSpcniqcx0It4ncfmwGfmmekQ0U4ZTBLkM+fr7krikFiBFsf+jPaqvn PNFdJY318EAJWxzRGhf9UunlMVYrimjjNxqMU1LVIxIhRzQEi0BhlMIcFjIZp0UN Pa1nqJ0YKZbZ/+vvqzd6c6lALjsYBSOhkEpmr0ZivaXl1wIPB4cZ4yrKjMlO0DsP qsG4YmwIq+pl85wH4dPA2TG7mMF4CdWYvykUQlVfYSlGAXAllGaeNDAnySfi/FWE zXTdkjxc9uHojrhfUtX5pDoflFWoerbbaLK//fCTFuULhKfAhe5QidiCiU+LpFb2 aM23SHk+HZm8LnC2KM0fe0VzSk9fHWgOYXHx0iOYsqwRzHwe+d+AJ4bZkKxf2/pT /eC3svyPRxA=fsAW -----END PGP SIGNATURE-----

    -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "hci management node",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "sudo",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "sudo",
            "version": "1.9.0"
          },
          {
            "_id": null,
            "model": "communications performance intelligence center",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.3.0.2.1"
          },
          {
            "_id": null,
            "model": "ontap select deploy administration utility",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "micros es400",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "400"
          },
          {
            "_id": null,
            "model": "communications performance intelligence center",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.4.0.3.1"
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "9.0"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "10.0.4"
          },
          {
            "_id": null,
            "model": "privilege management for mac",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "beyondtrust",
            "version": "21.1.1"
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "9.2.8"
          },
          {
            "_id": null,
            "model": "micros es400",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "410"
          },
          {
            "_id": null,
            "model": "skynas",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "_id": null,
            "model": "communications performance intelligence center",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.3.0.0.0"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "32"
          },
          {
            "_id": null,
            "model": "diskstation manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": "6.2"
          },
          {
            "_id": null,
            "model": "sudo",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "sudo",
            "version": "1.8.32"
          },
          {
            "_id": null,
            "model": "micros kitchen display system",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "210"
          },
          {
            "_id": null,
            "model": "privilege management for unix\\/linux",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "beyondtrust",
            "version": "10.3.2-10"
          },
          {
            "_id": null,
            "model": "sudo",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "sudo",
            "version": "1.9.5"
          },
          {
            "_id": null,
            "model": "tekelec platform distribution",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "7.4.0"
          },
          {
            "_id": null,
            "model": "diskstation manager unified controller",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": "3.0"
          },
          {
            "_id": null,
            "model": "micros compact workstation 3",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "310"
          },
          {
            "_id": null,
            "model": "solidfire",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "web gateway",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "mcafee",
            "version": "8.2.17"
          },
          {
            "_id": null,
            "model": "micros workstation 6",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "610"
          },
          {
            "_id": null,
            "model": "fedora",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "fedoraproject",
            "version": "33"
          },
          {
            "_id": null,
            "model": "cloud backup",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "sudo",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "sudo",
            "version": "1.8.2"
          },
          {
            "_id": null,
            "model": "oncommand unified manager core package",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "vs960hd",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "synology",
            "version": null
          },
          {
            "_id": null,
            "model": "linux",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "debian",
            "version": "10.0"
          },
          {
            "_id": null,
            "model": "tekelec platform distribution",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "7.7.1"
          },
          {
            "_id": null,
            "model": "sudo",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "sudo",
            "version": "1.9.5"
          },
          {
            "_id": null,
            "model": "ontap tools",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": "9"
          },
          {
            "_id": null,
            "model": "active iq unified manager",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netapp",
            "version": null
          },
          {
            "_id": null,
            "model": "micros workstation 6",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "655"
          },
          {
            "_id": null,
            "model": "communications performance intelligence center",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "10.4.0.1.0"
          },
          {
            "_id": null,
            "model": "micros workstation 5a",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "oracle",
            "version": "5a"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-3156"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "This document was written by Timur Snoke.Statement Date:\u00a0\u00a0 February 15, 2021",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#794544"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2021-3156",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2021-3156",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "VHN-383931",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2021-3156",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-3156",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                "id": "CVE-2021-3156",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-383931",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-383931"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-3156"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-3156"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character. A heap-based overflow has been discovered in the set_cmd() function in sudo, which may allow a local attacker to execute commands with elevated administrator privileges.CVE-2021-3156 AffectedCVE-2021-3156 Affected. Any local user (sudoers and non-sudoers)\ncan exploit this flaw for root privilege escalation. \n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.8.27-1+deb10u3. \n\nWe recommend that you upgrade your sudo packages. \n\nFor the detailed security status of sudo please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/sudo\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAQWctfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0Qr2w/5AfAZMSbKestTzvm22w+T5yReGOd2jYXO2SzdqdkIzOVXJ83RrbogkiyK\nd1ie47Csw51M8L5eT/kf48vkABPqT9S0dlRI7rQ2xbIDWIUcDpnFNCSclSGjI+Sd\nHqtaQQbR+MdSjGtC8vc8RVEOEQcVvoXrqDPaEniWjA4uTV7Iqj0P3EpH1XolVlZv\nlw4ZZ+VdDolxhm1QWp/NiMKUlDpv5RLs6jW0oQAKP1RZqMIX44TSEHil/NEs6VeN\nu5AFUwo5iwYRCUbgi2mB0GxV4CRyb0IN26pGsltYJsReFL1vCMiO9drGMk/WhlqB\nNGKeF5rLsMKaJCkBEcMntDG1XtFhXuyak2O4atL7H8CwhBZ81Axe+aAynn7IB99B\nqx3GLfRNSVKHQHBHWEOxqILCS+xWmvL6/uB6xMaAh5CXxhEgs9BIEiPonccmkzQ9\nxj6Uw/aWv9ZOUu+Rwmp+bG/V8DKaFKegaQAy0HnhOZ11ruJJB/YicTXSsbxoLSEt\nhbd0bYAOrZBqcysH8Ed+R2tGxtjoWIDLcv3uUqmttxgd8E5YpGGngaYBleGCnB0s\nX3JDyd1pvBu7H0vR5k2bVNgm4qQ27jHmeNKRSpvUZv50mRX8NQyv/rrROwkUsVdI\n1EnlHYz0E4BUfb15ECWLfN9BM/MyPhkdKadIrrd+zJEwq+KVcHo=\n=d9gQ\n-----END PGP SIGNATURE-----\n. Relevant releases/architectures:\n\nRHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64\nRed Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64\nRed Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch\n\n3. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. \n\nBug Fix(es):\n\n* Previously, the Red Hat Virtualization Host (RHV-H) repository\n(rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package,\nwhich is a dependency for the sssd-ad package. Consequently, the sssd-ad\npackage failed to install. \n\nWith this update, the libsmbclient is now in the RHV-H repository, and\nsssd-ad now installs on RHV-H. (BZ#1868967)\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1850939 - Hosted engine deployment does not properly show iSCSI LUN errors\n1868967 - sssd-ad installation fails on RHV-H 4.4 due to missing libsmbclient from samba package in rhvh-4-for-rhel-8-x86_64-rpms channel\n1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker\n1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker\n1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker\n1902315 - Rebase RHV-H 4.4 to RHV 4.4.4\n1902646 - ssh connection fails due to overly permissive openssh.config file permissions\n1909644 - HE deploy failed with \"Failed to download metadata for repo \u0027rhel-8-for-x86_64-baseos-beta-rpms\u0027: Cannot download repomd.xml\n1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing\n1921553 - RHVH upgrade to the latest 4.4.4-1 build will fail due to FileNotFoundError\n1923126 - Hosted Engine setup fails on storage selection - Retrieval of iSCSI targets failed. 8.1) - aarch64, ppc64le, s390x, x86_64\n\n3. 6 ELS) - i386, s390x, x86_64\n\n3. ==========================================================================\nUbuntu Security Notice USN-4705-2\nJanuary 27, 2021\n\nsudo vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Sudo. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that Sudo incorrectly handled memory when parsing command\n lines. A local attacker could possibly use this issue to obtain unintended\n access to the administrator account. (CVE-2021-3156)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n  sudo                            1.8.9p5-1ubuntu1.5+esm6\n\nUbuntu 12.04 ESM:\n  sudo                            1.8.3p1-1ubuntu3.10\n\nIn general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: sudo security update\nAdvisory ID:       RHSA-2021:0224-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:0224\nIssue date:        2021-01-26\nCVE Names:         CVE-2021-3156\n====================================================================\n1. Summary:\n\nAn update for sudo is now available for Red Hat Enterprise Linux 7.4\nAdvanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.4 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.4) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.4) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.4) - x86_64\n\n3. Description:\n\nThe sudo packages contain the sudo utility which allows system\nadministrators to provide certain users with the permission to execute\nprivileged commands, which are used for system management purposes, without\nhaving to log in as root. \n\nSecurity Fix(es):\n\n* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing\n\n6. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.4):\n\nSource:\nsudo-1.8.19p2-12.el7_4.2.src.rpm\n\nx86_64:\nsudo-1.8.19p2-12.el7_4.2.x86_64.rpm\nsudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.4):\n\nSource:\nsudo-1.8.19p2-12.el7_4.2.src.rpm\n\nppc64le:\nsudo-1.8.19p2-12.el7_4.2.ppc64le.rpm\nsudo-debuginfo-1.8.19p2-12.el7_4.2.ppc64le.rpm\n\nx86_64:\nsudo-1.8.19p2-12.el7_4.2.x86_64.rpm\nsudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.4):\n\nSource:\nsudo-1.8.19p2-12.el7_4.2.src.rpm\n\nx86_64:\nsudo-1.8.19p2-12.el7_4.2.x86_64.rpm\nsudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4):\n\nx86_64:\nsudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm\nsudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm\nsudo-devel-1.8.19p2-12.el7_4.2.i686.rpm\nsudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.4):\n\nppc64le:\nsudo-debuginfo-1.8.19p2-12.el7_4.2.ppc64le.rpm\nsudo-devel-1.8.19p2-12.el7_4.2.ppc64le.rpm\n\nx86_64:\nsudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm\nsudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm\nsudo-devel-1.8.19p2-12.el7_4.2.i686.rpm\nsudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.4):\n\nx86_64:\nsudo-debuginfo-1.8.19p2-12.el7_4.2.i686.rpm\nsudo-debuginfo-1.8.19p2-12.el7_4.2.x86_64.rpm\nsudo-devel-1.8.19p2-12.el7_4.2.i686.rpm\nsudo-devel-1.8.19p2-12.el7_4.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3156\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-002\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYBB1htzjgjWX9erEAQjwNQ/9HBoqYFsK25G0+2QKqO2FTwr0G7P5gx3n\n93VL0desDcpNXLdd4lwWcx1gAQkKSiYtMyFl5JdrqTznudDPo/V4dPBbPl3hkIr8\nzGiiKTDErT2MeCm5T4RXJVFzCCJA78io7MENH0Wr0SVTybjljKs1m06egY120kC0\nax3v92dap0K6KNAlVLscRzc2p0veauF+cfpk+5+Zomzw89QRTrWYt7BBxUxFsk2u\nsS0t9cmT3UURXjsqdDjMmilxWbqmKzKePhWeCfu8zBNc+TacLSXBqZmPgSlB1V5U\nWTzSNIu3AGSpcniqcx0It4ncfmwGfmmekQ0U4ZTBLkM+fr7krikFiBFsf+jPaqvn\nPNFdJY318EAJWxzRGhf9UunlMVYrimjjNxqMU1LVIxIhRzQEi0BhlMIcFjIZp0UN\nPa1nqJ0YKZbZ/+vvqzd6c6lALjsYBSOhkEpmr0ZivaXl1wIPB4cZ4yrKjMlO0DsP\nqsG4YmwIq+pl85wH4dPA2TG7mMF4CdWYvykUQlVfYSlGAXAllGaeNDAnySfi/FWE\nzXTdkjxc9uHojrhfUtX5pDoflFWoerbbaLK//fCTFuULhKfAhe5QidiCiU+LpFb2\naM23SHk+HZm8LnC2KM0fe0VzSk9fHWgOYXHx0iOYsqwRzHwe+d+AJ4bZkKxf2/pT\n/eC3svyPRxA=fsAW\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-3156"
          },
          {
            "db": "CERT/CC",
            "id": "VU#794544"
          },
          {
            "db": "VULHUB",
            "id": "VHN-383931"
          },
          {
            "db": "PACKETSTORM",
            "id": "168983"
          },
          {
            "db": "PACKETSTORM",
            "id": "161281"
          },
          {
            "db": "PACKETSTORM",
            "id": "161139"
          },
          {
            "db": "PACKETSTORM",
            "id": "161137"
          },
          {
            "db": "PACKETSTORM",
            "id": "161141"
          },
          {
            "db": "PACKETSTORM",
            "id": "161163"
          },
          {
            "db": "PACKETSTORM",
            "id": "161142"
          }
        ],
        "trust": 2.34
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-383931",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-383931"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-3156",
            "trust": 2.6
          },
          {
            "db": "CERT/CC",
            "id": "VU#794544",
            "trust": 1.9
          },
          {
            "db": "PACKETSTORM",
            "id": "161230",
            "trust": 1.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161160",
            "trust": 1.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161270",
            "trust": 1.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161293",
            "trust": 1.1
          },
          {
            "db": "MCAFEE",
            "id": "SB10348",
            "trust": 1.1
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2021/01/27/2",
            "trust": 1.1
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2021/01/26/3",
            "trust": 1.1
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2021/02/15/1",
            "trust": 1.1
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2021/01/27/1",
            "trust": 1.1
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2021/09/14/2",
            "trust": 1.1
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2024/01/30/6",
            "trust": 1.0
          },
          {
            "db": "OPENWALL",
            "id": "OSS-SECURITY/2024/01/30/8",
            "trust": 1.0
          },
          {
            "db": "PACKETSTORM",
            "id": "176932",
            "trust": 1.0
          },
          {
            "db": "PACKETSTORM",
            "id": "161163",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "161141",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "161142",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "161139",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "161281",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "161137",
            "trust": 0.2
          },
          {
            "db": "PACKETSTORM",
            "id": "161143",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161152",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161138",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161144",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161140",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161272",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161398",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161136",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161135",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "161145",
            "trust": 0.1
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-99117",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-383931",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "168983",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#794544"
          },
          {
            "db": "VULHUB",
            "id": "VHN-383931"
          },
          {
            "db": "PACKETSTORM",
            "id": "168983"
          },
          {
            "db": "PACKETSTORM",
            "id": "161281"
          },
          {
            "db": "PACKETSTORM",
            "id": "161139"
          },
          {
            "db": "PACKETSTORM",
            "id": "161137"
          },
          {
            "db": "PACKETSTORM",
            "id": "161141"
          },
          {
            "db": "PACKETSTORM",
            "id": "161163"
          },
          {
            "db": "PACKETSTORM",
            "id": "161142"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-3156"
          }
        ]
      },
      "id": "VAR-202101-1926",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-383931"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2026-03-09T22:27:02.630000Z",
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-193",
            "trust": 1.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-383931"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-3156"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.2,
            "url": "http://www.openwall.com/lists/oss-security/2021/01/26/3"
          },
          {
            "trust": 1.1,
            "url": "https://www.kb.cert.org/vuls/id/794544"
          },
          {
            "trust": 1.1,
            "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sudo-privesc-jan2021-qnyqfcm"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20210128-0001/"
          },
          {
            "trust": 1.1,
            "url": "https://security.netapp.com/advisory/ntap-20210128-0002/"
          },
          {
            "trust": 1.1,
            "url": "https://support.apple.com/kb/ht212177"
          },
          {
            "trust": 1.1,
            "url": "https://www.sudo.ws/stable.html#1.9.5p2"
          },
          {
            "trust": 1.1,
            "url": "https://www.synology.com/security/advisory/synology_sa_21_02"
          },
          {
            "trust": 1.1,
            "url": "https://www.debian.org/security/2021/dsa-4839"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2021/jan/79"
          },
          {
            "trust": 1.1,
            "url": "http://seclists.org/fulldisclosure/2021/feb/42"
          },
          {
            "trust": 1.1,
            "url": "https://security.gentoo.org/glsa/202101-33"
          },
          {
            "trust": 1.1,
            "url": "http://packetstormsecurity.com/files/161160/sudo-heap-based-buffer-overflow.html"
          },
          {
            "trust": 1.1,
            "url": "http://packetstormsecurity.com/files/161230/sudo-buffer-overflow-privilege-escalation.html"
          },
          {
            "trust": 1.1,
            "url": "http://packetstormsecurity.com/files/161270/sudo-1.9.5p1-buffer-overflow-privilege-escalation.html"
          },
          {
            "trust": 1.1,
            "url": "http://packetstormsecurity.com/files/161293/sudo-1.8.31p2-1.9.5p1-buffer-overflow.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "trust": 1.1,
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "trust": 1.1,
            "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html"
          },
          {
            "trust": 1.1,
            "url": "http://www.openwall.com/lists/oss-security/2021/01/27/1"
          },
          {
            "trust": 1.1,
            "url": "http://www.openwall.com/lists/oss-security/2021/01/27/2"
          },
          {
            "trust": 1.1,
            "url": "http://www.openwall.com/lists/oss-security/2021/02/15/1"
          },
          {
            "trust": 1.1,
            "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
          },
          {
            "trust": 1.0,
            "url": "http://seclists.org/fulldisclosure/2024/feb/3"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cala5ftxiqbrryua2zqnjxb6oqmaxeii/"
          },
          {
            "trust": 1.0,
            "url": "http://www.openwall.com/lists/oss-security/2024/01/30/6"
          },
          {
            "trust": 1.0,
            "url": "https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156"
          },
          {
            "trust": 1.0,
            "url": "http://packetstormsecurity.com/files/176932/glibc-syslog-heap-based-buffer-overflow.html"
          },
          {
            "trust": 1.0,
            "url": "http://www.openwall.com/lists/oss-security/2024/01/30/8"
          },
          {
            "trust": 1.0,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lhxk6ico5aylgfk2tax5mzkuxtukwojy/"
          },
          {
            "trust": 1.0,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10348"
          },
          {
            "trust": 1.0,
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-3156"
          },
          {
            "trust": 0.8,
            "url": "cve-2021-3156  "
          },
          {
            "trust": 0.7,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3156"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-002"
          },
          {
            "trust": 0.5,
            "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/cve/cve-2021-3156"
          },
          {
            "trust": 0.5,
            "url": "https://bugzilla.redhat.com/):"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/key/"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/team/contact/"
          },
          {
            "trust": 0.5,
            "url": "https://access.redhat.com/security/updates/classification/#important"
          },
          {
            "trust": 0.4,
            "url": "https://access.redhat.com/articles/11258"
          },
          {
            "trust": 0.1,
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10348"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lhxk6ico5aylgfk2tax5mzkuxtukwojy/"
          },
          {
            "trust": 0.1,
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cala5ftxiqbrryua2zqnjxb6oqmaxeii/"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/sudo"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/articles/2974891"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25686"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25685"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25684"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25685"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-001"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0401"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25686"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/security/cve/cve-2020-25684"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0225"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0220"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0227"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4705-2"
          },
          {
            "trust": 0.1,
            "url": "https://usn.ubuntu.com/4705-1"
          },
          {
            "trust": 0.1,
            "url": "https://access.redhat.com/errata/rhsa-2021:0224"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#794544"
          },
          {
            "db": "VULHUB",
            "id": "VHN-383931"
          },
          {
            "db": "PACKETSTORM",
            "id": "168983"
          },
          {
            "db": "PACKETSTORM",
            "id": "161281"
          },
          {
            "db": "PACKETSTORM",
            "id": "161139"
          },
          {
            "db": "PACKETSTORM",
            "id": "161137"
          },
          {
            "db": "PACKETSTORM",
            "id": "161141"
          },
          {
            "db": "PACKETSTORM",
            "id": "161163"
          },
          {
            "db": "PACKETSTORM",
            "id": "161142"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-3156"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#794544",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-383931",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "168983",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "161281",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "161139",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "161137",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "161141",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "161163",
            "ident": null
          },
          {
            "db": "PACKETSTORM",
            "id": "161142",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2021-3156",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-02-04T00:00:00",
            "db": "CERT/CC",
            "id": "VU#794544",
            "ident": null
          },
          {
            "date": "2021-01-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-383931",
            "ident": null
          },
          {
            "date": "2021-01-28T20:12:00",
            "db": "PACKETSTORM",
            "id": "168983",
            "ident": null
          },
          {
            "date": "2021-02-03T16:36:53",
            "db": "PACKETSTORM",
            "id": "161281",
            "ident": null
          },
          {
            "date": "2021-01-27T14:06:12",
            "db": "PACKETSTORM",
            "id": "161139",
            "ident": null
          },
          {
            "date": "2021-01-27T14:05:54",
            "db": "PACKETSTORM",
            "id": "161137",
            "ident": null
          },
          {
            "date": "2021-01-27T14:06:28",
            "db": "PACKETSTORM",
            "id": "161141",
            "ident": null
          },
          {
            "date": "2021-01-28T13:59:34",
            "db": "PACKETSTORM",
            "id": "161163",
            "ident": null
          },
          {
            "date": "2021-01-27T14:06:37",
            "db": "PACKETSTORM",
            "id": "161142",
            "ident": null
          },
          {
            "date": "2021-01-26T21:15:12.987000",
            "db": "NVD",
            "id": "CVE-2021-3156",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2021-04-26T00:00:00",
            "db": "CERT/CC",
            "id": "VU#794544",
            "ident": null
          },
          {
            "date": "2022-09-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-383931",
            "ident": null
          },
          {
            "date": "2025-11-10T14:41:45.053000",
            "db": "NVD",
            "id": "CVE-2021-3156",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "local",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168983"
          },
          {
            "db": "PACKETSTORM",
            "id": "161163"
          }
        ],
        "trust": 0.2
      },
      "title": {
        "_id": null,
        "data": "Sudo set_cmd() is vulnerable to heap-based buffer overflow",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#794544"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "_id": null,
        "data": "overflow, root",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "168983"
          },
          {
            "db": "PACKETSTORM",
            "id": "161139"
          },
          {
            "db": "PACKETSTORM",
            "id": "161137"
          },
          {
            "db": "PACKETSTORM",
            "id": "161141"
          },
          {
            "db": "PACKETSTORM",
            "id": "161142"
          }
        ],
        "trust": 0.5
      }
    }