Vulnerabilities > Sysaid
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-11 | CVE-2021-43974 | Missing Authentication for Critical Function vulnerability in Sysaid Itil 20.4.74 An issue was discovered in SysAid ITIL 20.4.74 b10. | 5.3 |
| 2021-12-14 | CVE-2021-36721 | Unspecified vulnerability in Sysaid Application Programming Interface Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server. | 5.3 |
| 2021-10-29 | CVE-2021-31862 | Cross-site Scripting vulnerability in Sysaid 20.4.74 SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication. | 6.1 |
| 2021-07-22 | CVE-2021-30049 | Cross-site Scripting vulnerability in Sysaid 20.3.64 SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI. | 6.1 |
| 2021-07-22 | CVE-2021-30486 | SQL Injection vulnerability in Sysaid 20.3.64 SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1). | 8.8 |
| 2020-10-02 | CVE-2020-13168 | Cross-site Scripting vulnerability in Sysaid On-Premises and Sysaidsy On-Premises SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter. | 6.1 |
| 2020-04-21 | CVE-2020-10569 | Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid On-Premise 20.1.11 SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. | 9.8 |