Sysaid vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2023-12-25  CVE-2023-47247  Unspecified vulnerability in Sysaid
    In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102.
    Risk: 4.3 | network, low complexity | sysaid
2023-11-24  CVE-2023-33706  Authorization Bypass Through User-Controlled Key vulnerability in Sysaid
    SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.
    Risk: 6.5 | network, low complexity | sysaid, CWE-639
2023-11-10  CVE-2023-47246  Path Traversal vulnerability in Sysaid On-Premises
    In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
    Risk: 9.8 (critical) | network, low complexity | sysaid, CWE-22
2023-07-30  CVE-2023-32225  Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid On-Premises
    Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.
    Risk: 7.2 | network, low complexity | sysaid, CWE-434
2023-07-30  CVE-2023-32226  Files or Directories Accessible to External Parties vulnerability in Sysaid On-Premises
    Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method.
    Risk: 6.5 | network, low complexity | sysaid, CWE-552
2022-06-24  CVE-2022-23170  XXE vulnerability in Sysaid Okta SSO
    The SysAid Okta SSO integration was found vulnerable to XML External Entity (XXE) injection.
    Risk: 6.8 | network | sysaid, CWE-611
2022-05-12  CVE-2022-22796  Improper Authentication vulnerability in Sysaid
    Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing /wmiwizard.jsp, then /ConcurrentLogin.jsp, and clicking the login button, which redirects to /home.jsp without any authentication.
    Risk: 10.0 (critical) | network, low complexity | sysaid, CWE-287
2022-05-12  CVE-2022-22797  Open Redirect vulnerability in Sysaid
    Sysaid – Sysaid Open Redirect - An attacker can change the redirect target via the "redirectURL" parameter of a GET request to the URL location /CommunitySSORedirect.jsp?redirectURL=https://google.com.
    Risk: 5.8 | network | sysaid, CWE-601
2022-05-12  CVE-2022-22798  Unspecified vulnerability in Sysaid 21.1.30/21.4.45
    Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker logs in as a guest, after which the system redirects to the service portal (EndUserPortal.JSP). Changing the path in the URL to /ConcurrentLogin%2ejsp returns an error message with a login button; clicking it connects the attacker to the system dashboard.
    Risk: 8.8 | network, low complexity | sysaid
2022-05-12  CVE-2022-23165  Cross-site Scripting vulnerability in Sysaid
    Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability.
    Risk: 4.3 | network | sysaid, CWE-79