CVE-2024-4219

MEDIUM

BeyondInsight < 23.2 - Server-Side Request Forgery via HTTP-based Connectors

Title source: llm

Description

Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability.

References (1)

Core 1

Core References

Vendor Advisory

https://www.beyondtrust.com/trust-center/security-advisories/BT24-05

Scores

CVSS v3 4.8

EPSS 0.0022

EPSS Percentile 11.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (1)

beyondtrust/beyondinsight < 23.2

Published Jun 04, 2024

Tracked Since Feb 18, 2026