CVE-2021-31589

A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization.
Configurations

Configuration 1 (hide)

cpe:2.3:o:beyondtrust:appliance_base_software:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:05

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/165408/BeyondTrust-Remote-Support-6.0-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/165408/BeyondTrust-Remote-Support-6.0-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry
References () https://cxsecurity.com/issue/WLB-2022010013 - Exploit, Issue Tracking, Third Party Advisory () https://cxsecurity.com/issue/WLB-2022010013 - Exploit, Issue Tracking, Third Party Advisory
References () https://www.beyondtrust.com/docs/release-notes/index.htm - Release Notes, Vendor Advisory () https://www.beyondtrust.com/docs/release-notes/index.htm - Release Notes, Vendor Advisory

07 Feb 2022, 18:59

Type Values Removed Values Added
CVSS v2 : 9.3
v3 : 9.6
v2 : 4.3
v3 : 6.1

25 Jan 2022, 13:05

Type Values Removed Values Added
CWE CWE-352 CWE-79

24 Jan 2022, 12:15

Type Values Removed Values Added
Summary BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full admin access to the appliance, by tricking the administrator into creating a new admin account through an XSS/CSRF attack involving a crafted request to the /appliance/users?action=edit endpoint. This cross-site-scripting (XSS) vulnerability occurs when it does not properly sanitize an unauthenticated crafted web request to the server A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization.

08 Jan 2022, 02:49

Type Values Removed Values Added
References (MISC) https://www.beyondtrust.com/docs/release-notes/index.htm - (MISC) https://www.beyondtrust.com/docs/release-notes/index.htm - Release Notes, Vendor Advisory
References (MISC) https://cxsecurity.com/issue/WLB-2022010013 - (MISC) https://cxsecurity.com/issue/WLB-2022010013 - Exploit, Issue Tracking, Third Party Advisory
References (MISC) http://packetstormsecurity.com/files/165408/BeyondTrust-Remote-Support-6.0-Cross-Site-Scripting.html - (MISC) http://packetstormsecurity.com/files/165408/BeyondTrust-Remote-Support-6.0-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry
CPE cpe:2.3:o:beyondtrust:appliance_base_software:*:*:*:*:*:*:*:*
CWE CWE-352
CVSS v2 : unknown
v3 : unknown
v2 : 9.3
v3 : 9.6

05 Jan 2022, 12:25

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-05 12:15

Updated : 2024-11-21 06:05


NVD link : CVE-2021-31589

Mitre link : CVE-2021-31589

CVE.ORG link : CVE-2021-31589


JSON object : View

Products Affected

beyondtrust

  • appliance_base_software
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')