Vulnerabilities > Sysaid > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-06 | CVE-2024-36393 | SQL Injection vulnerability in Sysaid SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 9.8 |
| 2024-06-06 | CVE-2024-36394 | OS Command Injection vulnerability in Sysaid SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 9.8 |
| 2023-11-10 | CVE-2023-47246 | Path Traversal vulnerability in Sysaid In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. | 9.8 |
| 2022-06-24 | CVE-2022-23170 | XXE vulnerability in Sysaid Okta SSO 22.1.49/22.1.63 SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability. | 9.8 |
| 2022-05-12 | CVE-2022-22796 | Improper Authentication vulnerability in Sysaid Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication. | 9.8 |
| 2022-05-12 | CVE-2022-23166 | Path Traversal vulnerability in Sysaid Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. | 9.8 |
| 2020-04-21 | CVE-2020-10569 | Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid On-Premise 20.1.11 SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. | 9.8 |