CVE-2021-31589

moderate-risk
Published 2022-01-05

A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization.

Do I need to act?

!
16.4% chance of exploitation in next 30 days
EPSS score — higher than 84% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Beyondtrust

References (6)

Exploit http://packetstormsecurity.com/files/165408/BeyondTrust-Remote-Support-6.0-Cross...
Exploit https://cxsecurity.com/issue/WLB-2022010013
Release Notes https://www.beyondtrust.com/docs/release-notes/index.htm
Exploit http://packetstormsecurity.com/files/165408/BeyondTrust-Remote-Support-6.0-Cross...
Exploit https://cxsecurity.com/issue/WLB-2022010013
Release Notes https://www.beyondtrust.com/docs/release-notes/index.htm
41
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 13/34 · Low
Exposure 5/34 · Minimal