CSIRT Toscana

CSIRT Toscana

Tag: BeyondTrust
Pagina 1 di 1

29 Luglio 2025

Vulnerabilità in BeyondTrust (AL02/250729/CSIRT-ITA)

BeyondTrust ha rilasciato aggiornamenti per correggere due vulnerabilità con gravità “alta” relativamente al prodotto Privilege Management per Windows, noto anche come Endpoint Privilege Management (EPM), soluzione di sicurezza che consente alle organizzazioni di gestire i privilegi, applicando il principio del privilegio minimo, sui dispositivi di tipo endpoint. Tali vulnerabilità, qualora sfruttate, potrebbero consentire ad un utente malintenzionato di elevare i propri privilegi e/o di eludere i meccanismi di sicurezza sui sistemi target.

Categorie

Alert

Argomenti

BeyondTrust Endpoint Privilege Management

19 Giugno 2025

Vulnerabilità in BeyondTrust (AL01/250619/CSIRT-ITA)

BeyondTrust ha rilasciato aggiornamenti per correggere una vulnerabilità con gravità “alta” relativamente ai prodotti BeyondTrust Remote Support (RS), progettato per fornire supporto remoto sicuro e immediato agli utenti finali e ai dispositivi, e Privileged Remote Access (PRA), utilizzato per gestire e monitorare gli accessi privilegiati ai sistemi critici in modo sicuro. Tale vulnerabilità, qualora sfruttata, potrebbe permettere ad un utente malintenzionato remoto di eseguire codice arbitrario sui sistemi target.

Categorie

Alert

Argomenti

BeyondTrust Privileged Remote Access Remote Support

14 Gennaio 2025

BeyondTrust: rilevato sfruttamento in rete delle vulnerabilità CVE-2024-12686 e CVE-2024-12356 (AL03/250114/CSIRT-ITA)

Sintesi Rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2024-12686, con gravità “media”, e della vulnerabilità CVE-2024-12356, con gravità “alta” – già sanate dal vendor a dicembre 2024 – relative ai prodotti BeyondTrust Remote Support (RS), progettato per fornire supporto remoto sicuro e immediato agli utenti finali e ai dispositivi, e Privileged Remote Access (PRA), utilizzato per gestire e monitorare gli accessi privilegiati ai sistemi critici in modo sicuro.

Categorie

Alert

Argomenti

BeyondTrust Exploited Privileged Remote Access Remote Support

Altri argomenti

0-day

0-day

7-Zip

AC7

Access Rights Manager

Acer

ACN

Acrobat

Acrobat Reader

Acronis

Acronis Cyber Infrastructure

Active Directory

Adaptive Security Appliance

Adaptive Security Virtual Appliance

Adattivo

ADAudit Plus

ADC

AdminServer

Adobe

Adobe Photoshop

ADSelfService Plus

Advance Steel

AEM Forms

After Effects

Agent Tesla

Agenzia delle Entrate - Riscossione

Agile PLM Framework

AI Core

Aiohttp

Airflow

AirPlay

Amministrazione

Analog Telephone Adapter

Analytics

Analytics Plus

Android

Animate

Antivirus

AnyConnect VPN Server

AP

Apache

Apache Cassandra

Apex Central

Apex Central

Apex One

Apex One

ApexOne

APM Server

Apple

Aquabot

ArcaneDoor

Arcserve

Aria Automation

Aria Automation

Aria Operations

AriaOperations

Arma dei Carabinieri

Aruba

ASA

Assets Discovery

Asus

AsyncOS

Atlassian

Atlassian Confluence

Audition

Authentication Gateway

AutoCAD

Autodesk

Avalanche

AVEVA

Avi Load Balancer

Avro

Azure

backdoor

Backup & Replication

Backup & Replication

Backup Enterprise Manager

Bamboo

Bamboo Data Center

Beats

BeeDrive

BeePhotos

BeeStation

Best Practices

BeyondTrust

BIG-IP

BIG-IP

BIND

Bitdefender

BNL

BNPP

Botnet

Bridge

Broadcom

BusinessObjects

C2

Cacti

Caldera

Callback

Camaleon CMS

Camera

Campagna

Canon

Catalyst Center

Catalyst SD-WAN

CAX30

CentreStack

CheckPoint

Chrome

Cisco

Cisco Security Manager

Citrix

Citrix ADC

Citrix Gateway

Citrix Session Recording

Citrix uberAgent

CitrixBleed2

Civil 3D

ClamAV

Cleo

Cloud Agent

Cloud Data Flow

Cloud Foundation

Cloud Foundation

Cloud One Trend Micro

Cloud Platform

Cloud Service Appliance

Cloud Services Application

Cloud Services Application

Cloud Skipper

Cloude Platform

CloudEdge

CloudGatewayServer

ColdFusion

Collaboration Daffodil

Collaboration Daffodil

Collaboration Joule

Collaboration Joule

Collaboration Kepler

Collaboration Kepler

Commerce

Community Editio

Community Edition

Community Edition

Commvault

Commvault Command Center

Compass

ConfD

Confluence

Confluence Data Center

Confluence Server

Connect

Connect Secure

ConnectWise

ConneXium Network Manager

Console On-Premise

Control Center

corrispondenza

Cortex XSOAR

CPython

CraftCMS

Critical Patch Update

Crosswork Network Services Orchestrator

CrowdStrike

CrushFTP

CSA

CSIRT

CUPS

cURL

Cyber Protect

Cyber Protect Cloud

Cyber Protect Cloud Agent

CyberPanel

D-Link

Dahua

DameWare

Data Center

Db2

Decathlon

Deep Security Agent

Deep Security Agent

Desktop and Server Management

Desktop Central

DHCP

Diagnostic Tool

Dimension

Django

Docker

Docker Desktop

Docs@Work for Android

DolphinScheduler

DrayTek

Dreamweaver

Drive Client

Drive Server

dropper

Drupal

Drupal Core

DSL CPE

DSM

DSMUC

DWG TrueView

DXP

ECE

EcoStruxure

Elastic Cloud Enterprise

Elastic NV

Elastic NV

EMM

Endpoint Manager

Endpoint Manager for Mobile

Endpoint Privilege Management

Endpoint Security

EndpointManager

Enterprise

Enterprise Edition

Enterprise Edition

Enterprise Protection

EoL

EPM

EPMM

EPSS

Erlang Solutions

Erlang/OTP

Eset

ESXi

Exchange Reporter Plus

Exim

Expedition

Experience Manager Forms

Exploitation

Exploited

Expressway

Exynos

F5 Networks

F5OS

FalconSensor

Fattura

FileCatalyst

FileCatalyst Workflow

FileSender

Finesse

Firefox

Firefox ESR

Firefox ESR

Firefox for iOS

Firepower Management

Firepower Threat Defense

Fleet Server

Flowmon

Fluent Bit

Focus

FortiADC

FortiAIOps

FortiAnalyzer

FortiCamera

FortiClientEMS

FortiClientLinux

FortiClientMac

FortiClientWindows

FortiEDR

FortiExtender

Fortigate

Fortimail

FortiManager

FortiManager Cloud

FortiNDR

Fortinet

FortiOS

FortiPAM

FortiPortal

FortiProxy

FortiRecorder

FortiSandbox

FortiSIEM

FortiSOAR

FortiSRA

FortiSwitch

FortiSwitchManager

FortiVoice

FortiWeb

FortiWebManager

FortiWLM

Fortra

Foundation

Framemaker

Framework

Freedom

FreeFlow Core

FreeType

FTD

FTP

Fusion

Gateway

Gen7

Generali

GeoServer

Ghostscript

Git

GitHub

GitHub Enterprise Server

GitLab

GitlLab

Gladinet

glibc

GlobalProtect App

GMS

GNU

GoAnywhere MFT

Google

Google Chrome

Grafana

GravityZone

GravityZone Control Center

GuLoader

Harmony

HBS 3 Hybrid Backup Sync

HCX

Hikvision

HTTP Server

HTTP Server

HTTP/2

HTTP/2

HugeGraph

Hype

Hypervisor

IBM

iCloud

ICS

IdendityIQ

Illustrator

Image Builder

Image-Builder

IMC

Imperva

InCopy

InDesign

info-stealer

Infostealer

Infrastructure Parts Editor

InfraWorks

Ingress

Ingress Controller

IngressNightmare

INPS

Integrated Management Controller

Intelligent Node

Intercept X

Intercom Broadcasting System

InterMesh Subscriber

Internet Security

Intesa Sanpaolo

IoC

iOS

IOS XE

IOS XR

IoT

iPadOS

IPS

ISAC

ISC

Ivanti

Ivanti Application Control

Ivanti Connect Secure

Ivanti Connect Secure

Ivanti EPM

Ivanti Neurons

Ivanti Policy Secure

Ivanti Policy Secure

Ivanti Security Controls

Ivanti Sentry

IWC

Java

JBoss

JDBC

Jenkins

Jenkins Core

Jenkins LTS

Jenkins Security Advisory

Jenkins weekly

JetBrains

Jira

Jira Core Data Center

Joomla!

Juniper Networks

Juniper Networks

Junos OS

Junos OS Evolved

Junos Space

JunosOS

JunosOS Evolved

KEA

kernel

Kibana

KQL query

Kubernetes

La settimana cibernetica

Laravel

LDAP

LegionLoader

Lens

LexiCom

libexpat

liblzma

LibreOffice

License Central

Liferay

Lightroom

Linux

LummaC2

Lynx

macOS

Magento

MagicINFO

malspam

Malvertising

malware

Manage

ManageEngine

Mastodon

Mattermost

Mautic

MDM

Media Encoder

Media Server for DSM

Media Streaming

Meeting

Meeting SDK

Meeting SDK

MegaRAC SPx

Meraki

Meraki MX

Meraki Z

Messages

MiCollab

Microsoft

Microsoft Edge

Microsoft Outlook

MikroTik

Ministero della Difesa

Mirth Connect

MISP

Mitel

MITRE

MiVoice

MobileIron Core

Moby

Modicon

MondoDB

MongoDB

MongoDB C Driver

MongoDB libbson

MongoDB PHP Driver

MongoDB Server

MongoDB Server

MongoDBServer

mongosh

Moodle

MOVEit

MOVEit Transfer

Mozilla

MTA

myQNAPcloud

N-able

N-central

NAKIVO

NAS

Navisworks

NDFC

Needrestart

Nessus

NetExtender

Netgear

NetScaler

Netty

NetWeaver

Networks Expedition

Neurons

Neurons Agent Platform

Neurons for ITSM

Neurons for Patch Management

Neurons for Secure Access

Next.js

Nextcloud Server

NextGen HealthCare

Nexus

Nexus Dashboard

Nexus switch

nf_tables

NGINX

NMS300

node-SAML

Node.js

Node.js

NodeStealer

Notepad++

Notes Station

Now Platform

Now Platform

NPM

NVR

NX-OS

OFBiz

One

open source

OpenCTI

OpenEdge

OpenMetadata

OpenPrinting

OpenShift

OpenSSH

OpenSSL

OpenVPN

Operation 99

Operation ForumTroll

Oracle

Outlook

OwnCloud

Palo Alto Networks

Palo Alto Networks

Pan-OS

PAN-OS

PaperCut

Paragon

Paragon Active Assurance

Parallels Desktop

Parallels Desktop

Parquet

Partner Center

Patch for Configuration Manager

Patch-Tuesday

Patch-Tuesday

Path-Tuesday

pgAdmin

PgBouncer

phishing

Phishing Microsoft

Photos

Photoshop

PHP

PikaBot

Pixel

Pixels

Platform

plugin

PoC

Policy Secure

Policy Secure Gateways

Poste Italiane

PostgreSQL

Power Pages

PowerLogic

Premier Pro

Premiere Pro

Privileged Remote Access

Privileged Remote Access

Progress

Progress Software

Progress Software

Project RedPenguin

Proofpoint

Pulse Connect Secure

PuTTy

Python

Qlik

Qlik Sense Enterprise

QNAP

Qsync Central

QTS

QTS QuTS hero

Quishing

QuLog Center

QuMagie

QuRouter

QuTS hero

QuTScloud

R

R7000

Ransomware

RARLAB

RAT

RAX30

RCE

Reader

Realtek

Recovery Orchestrator

RedHat

Redis

Regione Toscana

regreSSHion

Remote Support

Remote Support

Replication Service

Revit

Rexml

Rhadamantys

RISK:STATION

Rooms

Rooms Client

Rooms Client

Rooms Controller

RoundCube

Router

Rsync

Ruby

RubyGems

Rust

Safari

SailPoint

SambaSpy

saml

Samsung

SAP

SAPSetup

Scam

Schneider Electric

Schneider Electric

ScreenConnect

SD-WAN

Secure Access

Secure Access Client

Secure client

Secure Email Gateway

Secure Endpoint

Secure Firewall Management Center

Secure Firewall Threat Defense Virtual

Secure Gateway

SecureSphere

Security Director

Security Gateways

Security Patch Day

Security router

SEM

Sentry

Serv-U

Server

Service Provider Console

Service Tags

ServiceNow

SharePoint

Siemens

SimpleHelp

Simulate

SINEC INS

SiPass Integrated

Sitefinity

Siveillance Video

SMA 100

SMA100

SMA1000

Smart Software Manager On-Prem

SMB

Smishing

Snort Rule

SolarWinds

Sondaggio

SonicOS

SonicWall

Sophos

Sourcetree

Splunk

Spoofing

Spring

Squid

SSL VPN

SSL-VPN

Stampanti multifunzione

Struts

Substance 3D Designer

Substance 3D Modeler

Substance 3D Painter

Substance 3D Painter

Substance 3D Sampler

Substance 3D Stager

Substance 3D Stager

Substance 3D Viewer

Substance3DModeler

Substance3DPainter

Substance3DStager

Substance3DViewer

Sudo

Superset

Surveillance Station

Symantec

SymDiag

Synology

Teamcity

Tecnomatix Plant Simulation

Telco Cloud Infrastructure

Telco Cloud Platform

Telegram

Telerik Report Server

Telerik Reporting

Tenable

Tenable Patch Management

Tenda

Thales

Thuderbird ESR

Thunderbird

Thunderbird ESR

Thunderbird ESR

ThunderKitty

TIM

Tinyproxy

TMEE PolicyServer

Tomcat

Tools

Total Security

ToxicPanda

Traffic Server

Transfer

Trellix

Trend Micro

Trend Micro

Trenitalia

trojan

tvOS

Typo3

UDP

UEFI

UI Macros

UIWS

Unified Communications Manager

Unified Communications Manager SME

Unified Intelligence Center

Unity Connection

Unix

Update Server

uri gem

vCenter Server

vCenter Server

Veeam

Velocity License Server

VenomStealer

Vercel

Versalink

Video SDK

Video Station

Vigor

Vijeo Designer

Virtual Apps and Desktops

Virtual Apps and Desktops

Virtual Delivery Agent

Virtual Traffic Manager

Vishing

visionOS

Visual Composer Framework

VLTrader

VMWare

VMware Aria Automation

VMware Cloud Foundation

VMware SD-WAN Orchestrator

VMware Tools

VPN

VSPC

vSphere

Vulnerabilità

WAF

Warlock

watchOS

Wazuh

Web Dispatcher

Web Help Desk

Webex

WebHelpDesk

WebKit

Webmail

WFBS

WFBSS

Whatsapp

WhatsUp Gold

WhatsUp Gold

WiFi

WildFly

Windows

Wing FTP Server

WinRAR

WithSecure

WLCAireOS

WordPress

Workplace

Workspace

Workstation

Workstation Cloud

Workstation Pro

Xcode

XenServer

Xerox

XR1000

XR1000v2

XWiki

XWorm

XZ Utils

Yara Rule

yiiframework

YouTrack

Zabbix

zero-day

Zimbra

Zoho

Zoom

ZTA Gateway

ZTA Gateways

ZTA Gateways

Zyxel