What is the severity of CVE-2024-5812?

CVE-2024-5812 is classified as a low severity vulnerability.

How does CVE-2024-5812 impact BIPS?

CVE-2024-5812 allows an attacker with high privileges to overwrite Read-Only smart rules via a specially crafted API request.

What versions of BIPS are affected by CVE-2024-5812?

CVE-2024-5812 affects BeyondTrust BeyondInsight PasswordSafe versions up to 23.2.0.1293, 23.3.0.959, and 24.1.

How can I mitigate CVE-2024-5812?

To mitigate CVE-2024-5812, ensure that only authorized users have high privilege accounts.

Is a patch available for CVE-2024-5812?

As of now, please consult your BeyondTrust support representative for patch availability regarding CVE-2024-5812.

Vulnerability/
CVE-2024-5812

low

3.3

CWE

290

EPSS

0.043%

11/6/2024

11/2/2025

CVE-2024-5812: Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe

First published: Tue Jun 11 2024(Updated: )

A low severity vulnerability in BIPS has been identified where an attacker with high privileges or a compromised high privilege account can overwrite Read-Only smart rules via a specially crafted API request.

Credit: 13061848-ea10-403d-bd75-c83a022c2891

Affected Software	Affected Version	How to fix
BIPS BeyondInsight PasswordSafe
BeyondTrust BeyondInsight Password Safe	>=23.2<23.2.0.1293
BeyondTrust BeyondInsight Password Safe	>=23.3<23.3.0.959
BeyondTrust BeyondInsight Password Safe	=24.1

Never miss a vulnerability like this again

Reference Links

https://www.beyondtrust.com/trust-center/security-advisories/bt24-07

Frequently Asked Questions

What is the severity of CVE-2024-5812?
CVE-2024-5812 is classified as a low severity vulnerability.
How does CVE-2024-5812 impact BIPS?
CVE-2024-5812 allows an attacker with high privileges to overwrite Read-Only smart rules via a specially crafted API request.
What versions of BIPS are affected by CVE-2024-5812?
CVE-2024-5812 affects BeyondTrust BeyondInsight PasswordSafe versions up to 23.2.0.1293, 23.3.0.959, and 24.1.
How can I mitigate CVE-2024-5812?
To mitigate CVE-2024-5812, ensure that only authorized users have high privilege accounts.
Is a patch available for CVE-2024-5812?
As of now, please consult your BeyondTrust support representative for patch availability regarding CVE-2024-5812.

agent/weakness
agent/references
agent/type
agent/title
agent/first-publish-date
agent/description
agent/author
collector/mitre-cve
source/MITRE
collector/epss-latest
source/FIRST
agent/epss
agent/source
agent/last-modified-date
agent/severity
agent/softwarecombine
agent/tags
agent/event
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
vendor/beyondtrust
canonical/bips beyondinsight passwordsafe
canonical/beyondtrust beyondinsight password safe
version/beyondtrust beyondinsight password safe/23.2
version/beyondtrust beyondinsight password safe/23.3
version/beyondtrust beyondinsight password safe/24.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.