Vulnerabilities > Sysaid > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-06 CVE-2024-36393 Unspecified vulnerability in Sysaid
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
network
low complexity
sysaid
critical
9.8
2024-06-06 CVE-2024-36394 Unspecified vulnerability in Sysaid
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
network
low complexity
sysaid
critical
9.8
2023-11-10 CVE-2023-47246 Path Traversal vulnerability in Sysaid
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
network
low complexity
sysaid CWE-22
critical
9.8
2022-06-24 CVE-2022-23170 XXE vulnerability in Sysaid Okta SSO 22.1.49/22.1.63
SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability.
network
low complexity
sysaid CWE-611
critical
9.8
2022-05-12 CVE-2022-22796 Improper Authentication vulnerability in Sysaid
Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication.
network
low complexity
sysaid CWE-287
critical
9.8
2022-05-12 CVE-2022-23166 Path Traversal vulnerability in Sysaid
Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path.
network
low complexity
sysaid CWE-22
critical
9.8
2020-04-21 CVE-2020-10569 Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid On-Premise 20.1.11
SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack.
network
low complexity
sysaid CWE-434
critical
9.8