Synopsis:
Privilege Management for Windows - GPO Policy Information Leak
Impacted Product:
Privilege Management for Windows
Summary:
Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.
BeyondTrust would like to thank Mayer Bar of the Smartsoft PS Team for reporting this vulnerability to us through our secure channel. The CVE ID for this vulnerability is pending.
Product | Version |
---|---|
Privilege Management for Windows | Prior to 24.1 |
Product | Version |
---|---|
Privilege Management for Windows | 24.1 |