Vulnerabilities > Sysaid > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-10 | CVE-2023-47246 | Path Traversal vulnerability in Sysaid On-Premises In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. | 9.8 |
| 2022-05-12 | CVE-2022-22796 | Improper Authentication vulnerability in Sysaid Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication. | 10.0 |
| 2022-05-12 | CVE-2022-23166 | Path Traversal vulnerability in Sysaid Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. | 10.0 |
| 2020-04-21 | CVE-2020-10569 | Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid On-Premise 20.1.11 SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. | 9.8 |