Vulnerabilities > CVE-2015-3000 - Resource Management Errors vulnerability in Sysaid

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

COMPLETE

network

low complexity

sysaid

CWE-399

exploit available

NVD

Published: 2015-06-08

Updated: 2018-10-09

Summary

SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack.

Vulnerable Configurations

Part	Description	Count
Application	Sysaid Sysaid Sysaid 6.0 Sysaid Sysaid 6.5 Sysaid Sysaid 14.4 Sysaid Sysaid 15.1	4

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Exploit-Db

description	SysAid Help Desk 14.4 - Multiple Vulnerabilities. CVE-2015-2993,CVE-2015-2994,CVE-2015-2995,CVE-2015-2996,CVE-2015-2997,CVE-2015-2998,CVE-2015-2999,CVE-2015-...
id	EDB-ID:43885
last seen	2018-01-25
modified	2015-06-10
published	2015-06-10
reporter	Exploit-DB
source	https://www.exploit-db.com/download/43885/
title	SysAid Help Desk 14.4 - Multiple Vulnerabilities

Packetstorm

data source	https://packetstormsecurity.com/files/download/132138/sysaidhelpdesk-execdos.txt
id	PACKETSTORM:132138
last seen	2016-12-05
published	2015-06-03
reporter	Pedro Ribeiro
source	https://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html
title	SysAid Help Desk 14.4 Code Execution / Denial Of Service / Traversal / SQL Injection

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References