Vulnerabilities > Sysaid > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-30 | CVE-2023-32225 | Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid On-Premises Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. | 7.2 |
| 2022-05-12 | CVE-2022-22798 | Unspecified vulnerability in Sysaid 21.1.30/21.4.45 Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp after that he will receive an error message with a login button, by clicking on it, he will connect to the system dashboard. | 8.8 |
| 2022-01-11 | CVE-2021-43971 | SQL Injection vulnerability in Sysaid 20.4.74 A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter. | 8.8 |
| 2022-01-11 | CVE-2021-43973 | Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid 20.4.74 An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. | 8.8 |
| 2021-07-22 | CVE-2021-30486 | SQL Injection vulnerability in Sysaid 20.3.64 SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1). | 8.8 |