Back

CVE-2024-4220

June 4, 2024, 9:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

BeyondInsight

  • before 23.1

Source

13061848-ea10-403d-bd75-c83a022c2891

Tags

CWE-200
2024-06-04
13061848-ea10-403d-bd75-c83a022c2891
CVE-2024-4220

CVE-2024-4220 details

Published : June 4, 2024, 9:15 p.m.
Last Modified : June 4, 2024, 9:15 p.m.

Description

Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames.

CVSS Score

1 2 3 4.3 5 6 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

Base Score

4.3

Exploitability Score

Impact Score

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

References

URL Source
https://www.beyondtrust.com/trust-center/security-advisories/BT24-06 13061848-ea10-403d-bd75-c83a022c2891
This website uses the NVD API, but is not approved or certified by it.