Vulnerabilities > Sysaid

DATE CVE VULNERABILITY TITLE RISK
2024-06-06 CVE-2024-36393 Unspecified vulnerability in Sysaid
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
network
low complexity
sysaid
critical
9.8
2024-06-06 CVE-2024-36394 Unspecified vulnerability in Sysaid
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
network
low complexity
sysaid
critical
9.8
2023-12-25 CVE-2023-47247 Unspecified vulnerability in Sysaid
In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102.
network
low complexity
sysaid
4.3
2023-11-24 CVE-2023-33706 Authorization Bypass Through User-Controlled Key vulnerability in Sysaid
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.
network
low complexity
sysaid CWE-639
6.5
2023-11-10 CVE-2023-47246 Path Traversal vulnerability in Sysaid
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
network
low complexity
sysaid CWE-22
critical
9.8
2023-07-30 CVE-2023-32225 Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid On-Premises
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type -  A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.
network
low complexity
sysaid CWE-434
7.2
2023-07-30 CVE-2023-32226 Files or Directories Accessible to External Parties vulnerability in Sysaid On-Premises
Sysaid - CWE-552: Files or Directories Accessible to External Parties -  Authenticated users may exfiltrate files from the server via an unspecified method.
network
low complexity
sysaid CWE-552
6.5
2022-09-11 CVE-2022-40322 Cross-site Scripting vulnerability in Sysaid Help Desk
SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579.
network
low complexity
sysaid CWE-79
6.1
2022-09-11 CVE-2022-40323 Cross-site Scripting vulnerability in Sysaid Help Desk
SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241.
network
low complexity
sysaid CWE-79
6.1
2022-09-11 CVE-2022-40324 Cross-site Scripting vulnerability in Sysaid Help Desk
SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258.
network
low complexity
sysaid CWE-79
6.1