CVE-2021-3187
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/12/2023
Last modified:
27/05/2025
Description
An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:beyondtrust:privilege_management_for_mac:*:*:*:*:*:*:*:* | 5.7 (excluding) | |
| cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* | 10.15.5 (excluding) | |
| cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* | 10.13.0 (including) | 10.13.6 (excluding) |
| cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* | 10.14.0 (including) | 10.14.6 (excluding) |
| cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:* | ||
| cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page