SB2022031415 - Cross-site scripting in BeyondTrust Secure Remote Access Base Software

Description

This security bulletin contains information about 1 security vulnerability.

1) Cross-site scripting (CVE-ID: CVE-2021-31589)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows the injection of unauthenticated, specially-crafted web requests without proper sanitization.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Remediation

Install update from vendor's website.

References

• https://www.beyondtrust.com/docs/release-notes/index.htm
• https://cxsecurity.com/issue/WLB-2022010013
• http://packetstormsecurity.com/files/165408/BeyondTrust-Remote-Support-6.0-Cross-Site-Scripting.html
• https://www.checkpoint.com/defense/advisories/public/2022/cpai-2021-1092.html