Beyondtrust: >> Privilege Management For Windows >> 5.7 Security Vulnerabilities
An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges.
CVSS Score
6.3
EPSS Score
0.0
Published
2024-02-16
Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.
CVSS Score
3.3
EPSS Score
0.0
Published
2024-02-16
The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-12-25
In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-12-12
BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-11-19