Daniele Montanaro

**Name of the Vulnerable Software and Affected Versions** BeyondInsight versions prior to 23.2 **Description** The issue allows for arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability. This enables unauthorized actions on the server. **Recommendations** For versions prior to 23.2, update to version 23.2 or later to resolve the issue. As a temporary workaround, consider restricting access to HTTP-based connectors within BeyondInsight to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BeyondInsight versions prior to 23.1 **Description** An information disclosure issue exists, allowing an attacker to enumerate usernames. **Recommendations** For versions prior to 23.1, update to version 23.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BeyondTrust U-Series Appliance versions 3.4 through 4.0.2 **Description** The issue is related to Improper Privilege Management in the BeyondTrust U-Series Appliance on Windows, 64-bit, specifically affecting the filesystem modules. This allows for DLL Side-Loading. **Recommendations** For versions 3.4 through 4.0.2, update to version 4.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the filesystem modules to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BeyondTrust U-Series Appliance versions 3.4 through 4.0.2 **Description** The issue is related to improper privilege management, allowing privilege escalation. This is due to a vulnerability in the local appliance API modules on Windows, 64-bit systems. **Recommendations** For versions 3.4 through 4.0.2, update to version 4.0.3 or later to resolve the issue.