Vulnerabilities > Sysaid
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-06 | CVE-2024-36393 | SQL Injection vulnerability in Sysaid SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 9.8 |
| 2024-06-06 | CVE-2024-36394 | OS Command Injection vulnerability in Sysaid SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 9.8 |
| 2023-12-25 | CVE-2023-47247 | Unspecified vulnerability in Sysaid In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102. | 4.3 |
| 2023-11-24 | CVE-2023-33706 | Authorization Bypass Through User-Controlled Key vulnerability in Sysaid SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. | 6.5 |
| 2023-11-10 | CVE-2023-47246 | Path Traversal vulnerability in Sysaid In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. | 9.8 |
| 2023-07-30 | CVE-2023-32225 | Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid On-Premises Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. | 7.2 |
| 2023-07-30 | CVE-2023-32226 | Files or Directories Accessible to External Parties vulnerability in Sysaid On-Premises Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method. | 6.5 |
| 2022-09-11 | CVE-2022-40322 | Cross-site Scripting vulnerability in Sysaid Help Desk SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579. | 6.1 |
| 2022-09-11 | CVE-2022-40323 | Cross-site Scripting vulnerability in Sysaid Help Desk SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241. | 6.1 |
| 2022-09-11 | CVE-2022-40324 | Cross-site Scripting vulnerability in Sysaid Help Desk SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258. | 6.1 |