Vulnerabilities > Sysaid

DATE        CVE             VULNERABILITY TITLE  [RISK]
2024-06-06  CVE-2024-36393  SQL Injection vulnerability in Sysaid  [critical, 9.8]
    SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Attack vector: network; attack complexity: low; tags: sysaid, CWE-89
2024-06-06  CVE-2024-36394  OS Command Injection vulnerability in Sysaid  [critical, 9.8]
    SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Attack vector: network; attack complexity: low; tags: sysaid, CWE-78
2023-12-25  CVE-2023-47247  Unspecified vulnerability in Sysaid  [4.3]
    In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102.
    Attack vector: network; attack complexity: low; tags: sysaid
2023-11-24  CVE-2023-33706  Authorization Bypass Through User-Controlled Key vulnerability in Sysaid  [6.5]
    SysAid before 23.2.15 allows Insecure Direct Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.
    Attack vector: network; attack complexity: low; tags: sysaid, CWE-639
2023-11-10  CVE-2023-47246  Path Traversal vulnerability in Sysaid On-Premises  [critical, 9.8]
    In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
    Attack vector: network; attack complexity: low; tags: sysaid, CWE-22
2023-07-30  CVE-2023-32225  Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid On-Premises  [7.2]
    Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.
    Attack vector: network; attack complexity: low; tags: sysaid, CWE-434
2023-07-30  CVE-2023-32226  Files or Directories Accessible to External Parties vulnerability in Sysaid On-Premises  [6.5]
    Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method.
    Attack vector: network; attack complexity: low; tags: sysaid, CWE-552
2022-06-24  CVE-2022-23170  XXE vulnerability in Sysaid Okta SSO  [6.8]
    SysAid's Okta SSO integration was found vulnerable to XML External Entity (XXE) injection.
    Attack vector: network; tags: sysaid, CWE-611
2022-05-12  CVE-2022-22796  Improper Authentication vulnerability in Sysaid  [critical, 10.0]
    Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing /wmiwizard.jsp, then /ConcurrentLogin.jsp, and clicking the login button; the application then redirects to /home.jsp without any authentication.
    Attack vector: network; attack complexity: low; tags: sysaid, CWE-287
2022-05-12  CVE-2022-22797  Open Redirect vulnerability in Sysaid  [5.8]
    Sysaid – Sysaid Open Redirect - An attacker can change the redirect target in the "redirectURL" parameter of a GET request to /CommunitySSORedirect.jsp?redirectURL=https://google.com.
    Attack vector: network; tags: sysaid, CWE-601