CVE-2015-3001 - Credentials Management vulnerability in Sysaid
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | SysAid Help Desk 14.4 - Multiple Vulnerabilities. CVE-2015-2993,CVE-2015-2994,CVE-2015-2995,CVE-2015-2996,CVE-2015-2997,CVE-2015-2998,CVE-2015-2999,CVE-2015-... |
id | EDB-ID:43885 |
last seen | 2018-01-25 |
modified | 2015-06-10 |
published | 2015-06-10 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/43885/ |
title | SysAid Help Desk 14.4 - Multiple Vulnerabilities |
Packetstorm
data source | https://packetstormsecurity.com/files/download/132138/sysaidhelpdesk-execdos.txt |
id | PACKETSTORM:132138 |
last seen | 2016-12-05 |
published | 2015-06-03 |
reporter | Pedro Ribeiro |
source | https://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html |
title | SysAid Help Desk 14.4 Code Execution / Denial Of Service / Traversal / SQL Injection |
References
- http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html
- http://seclists.org/fulldisclosure/2015/Jun/8
- http://www.securityfocus.com/archive/1/535679/100/0/threaded
- http://www.securityfocus.com/bid/75035
- https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk