Vulnerabilities > Sysaid > Sysaid > 22.4.60
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-24 | CVE-2023-33706 | Authorization Bypass Through User-Controlled Key vulnerability in Sysaid SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. | 6.5 |