Vulnerabilities > Sysaid > Sysaid > 22.4.10

DATE CVE VULNERABILITY TITLE RISK
2023-11-24 CVE-2023-33706 Authorization Bypass Through User-Controlled Key vulnerability in Sysaid
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.
network
low complexity
sysaid CWE-639
6.5
6.5