CVE-2024-4219

Description

Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability.

CVSS breakdown

CVSS 3.1

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Affected products

BeyondTrust / BeyondInsight0 – 23.2

References

VENDOR_ADVISORYhttps://www.beyondtrust.com/trust-center/security-advisories/BT24-05