CVE-2021-31589
published 2022-01-05


Priority: P183 · medium · CVSS 3.1 base score 6.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Tags: ITW · EXPLOIT · VulnCheck KEV (Exploited in the wild)
EPSS: 28.31% (97.9th percentile)
A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization.

Affected (1 range)

Vendor: beyondtrust
Product: appliance_base_software
Version range: <= 6.0.1
Fixed in: not listed

Detection & IOCs (extracted from sources)

Other: BeyondTrust Secure Remote Access Base Software version 6.0.1 and older
  • Fingerprint the target by checking the HTTP response body for the case-insensitive string 'bomgar' and confirming an HTTP 200 status code to identify vulnerable BeyondTrust Secure Remote Access instances
  • The vulnerability is exploitable by unauthenticated users via specially-crafted web requests; monitor for unsanitized input in web requests targeting BeyondTrust Secure Remote Access endpoints
  • The detection template uses a case-insensitive body match for 'bomgar' combined with an HTTP 200 status; this is a fingerprinting heuristic and may produce false positives on non-vulnerable or patched BeyondTrust/Bomgar instances
  • Affected versions are 6.0.1 and older; ensure version confirmation is part of any detection or triage workflow to avoid false positives on patched systems

CVSS provenance

NVD v3.1: 6.1 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
NVD v2.0: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:P/A:N)
VulnCheck: 6.1 MEDIUM