Vulnerabilities > Sysaid > Sysaid > 20.4.74
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-11 | CVE-2021-43971 | SQL Injection vulnerability in Sysaid 20.4.74 A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter. | 6.5 |
| 2022-01-11 | CVE-2021-43972 | Unspecified vulnerability in Sysaid 20.4.74 An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body. | 6.8 |
| 2022-01-11 | CVE-2021-43973 | Unrestricted Upload of File with Dangerous Type vulnerability in Sysaid 20.4.74 An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. | 6.5 |
| 2021-10-29 | CVE-2021-31862 | Cross-site Scripting vulnerability in Sysaid 20.4.74 SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication. | 4.3 |