CVE-2024-5812

A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.

CVSS v3 3.3 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.beyondtrust.com/trust-center/security-advisories/bt24-07

Configurations

No configuration.

History

13 Jun 2024, 18:36

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad de baja gravedad en BIPS donde un atacante con altos privilegios o una cuenta comprometida con altos privilegios puede sobrescribir reglas inteligentes de solo lectura a través de una solicitud API especialmente manipulada.

11 Jun 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-11 16:15

Updated : 2024-06-13 18:36

NVD link : CVE-2024-5812

Mitre link : CVE-2024-5812

CVE.ORG link : CVE-2024-5812

JSON object : View

Products Affected

No product.

CWE

CWE-290

Authentication Bypass by Spoofing

3.3 /10