Privileged Remote Access
Approved changes feed: RSS · Atom
cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Beyondtrust (673561b0-1cd3-565b-80ef-06b287294740) |
|---|---|
| Product | Privileged Remote Access (8f7d0fc4-e800-548d-baa9-26a900491edf) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-1731 |
vulnerable | 2026-06-03 15:14:45.222413 |
Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
Published: 2026-02-06T21:49:20.844Z
Updated: 2026-02-26T15:04:15.451Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-5309 |
vulnerable | 2026-06-03 15:06:27.505104 |
Remote Support & Privileged Remote Access server side template injection
The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.
Published: 2025-06-16T16:06:14.413Z
Updated: 2026-02-26T17:50:35.531Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0217 |
vulnerable | 2026-06-03 14:58:24.013759 |
Privileged Remote Access Authentication Bypass
BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions.
Published: 2025-05-05T17:00:05.244Z
Updated: 2025-11-03T19:35:05.560Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12686 |
vulnerable | 2026-06-03 14:54:22.974599 |
Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA)
MEDIUM (6.6)
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
Published: 2024-12-18T20:23:57.909Z
Updated: 2025-10-21T22:55:34.086Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12356 |
vulnerable | 2026-06-03 14:54:16.190881 |
Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA)
CRITICAL (9.8)
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
Published: 2024-12-17T04:29:07.883Z
Updated: 2025-10-21T22:55:34.239Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-23632 |
vulnerable | 2026-06-03 14:49:28.288375 |
Details available
BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret.
Published: 2023-10-12T00:00:00.000Z
Updated: 2025-11-03T19:27:59.824Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.