Vulnerabilities > Sysaid > Sysaid ON Premises > 5.0

DATE CVE VULNERABILITY TITLE RISK
2023-11-10 CVE-2023-47246 Path Traversal vulnerability in Sysaid On-Premises
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
network
low complexity
sysaid CWE-22
critical
 9.8
9.8
2023-07-30 CVE-2023-32225 Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid On-Premises
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type -  A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.
network
low complexity
sysaid CWE-434
7.2
7.2
2023-07-30 CVE-2023-32226 Files or Directories Accessible to External Parties vulnerability in Sysaid On-Premises
Sysaid - CWE-552: Files or Directories Accessible to External Parties -  Authenticated users may exfiltrate files from the server via an unspecified method.
network
low complexity
sysaid CWE-552
6.5
6.5
2020-10-02 CVE-2020-13168 Cross-site Scripting vulnerability in Sysaid On-Premises and Sysaidsy On-Premises
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter.
network
sysaid CWE-79
4.3
4.3