Vulnerabilities > Sysaid > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-30 | CVE-2023-32225 | Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid On-Premises. Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. | 7.2 |
2022-05-12 | CVE-2022-22798 | Unspecified vulnerability in Sysaid 21.1.30/21.4.45. Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest, after which the system redirects him to the service portal or EndUserPortal.JSP. He then needs to change the path in the URL to /ConcurrentLogin%2ejsp, after which he will receive an error message with a login button; by clicking on it, he will connect to the system dashboard. | 8.8 |
2015-06-08 | CVE-2015-3000 | Resource Management Errors vulnerability in Sysaid. SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack. | 7.8 |
2015-06-08 | CVE-2015-2996 | Path Traversal vulnerability in Sysaid. Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. | 8.5 |
2015-06-08 | CVE-2015-2993 | Permissions, Privileges, and Access Controls vulnerability in Sysaid. SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry. | 7.5 |