CVE-2024-4220 MEDIUM

CVE-2024-4220: Information Disclosure in BeyondInsight

Vendor Beyondtrust
Product BeyondInsight
Weakness CWE-200 · Info exposure
Published June 4, 2024
Last update August 1, 2024

CVSS base score

4.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames.

Key dates

02Disclosure timeline

June 4, 2024 CVE published
August 1, 2024 Record updated