sysaid vulnerabilities and exploits
CVE-2024-27775
Score: NA
SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash

CVE-2023-47247
CVSSv3: 4.3
In SysAid On-Premise prior to 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102.
Sysaid Sysaid

CVE-2023-33706
CVSSv3: 6.5
SysAid prior to 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.
Sysaid Sysaid

CVE-2023-47246
CVSSv3: 9.8
In SysAid On-Premise prior to 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Sysaid Sysaid On-premises
2 Github repositories
1 Article

CVE-2023-32225
CVSSv3: 7.2
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.
Sysaid Sysaid On-premises

CVE-2023-32226
CVSSv3: 6.5
Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method.
Sysaid Sysaid On-premises

CVE-2022-40323
CVSSv3: 6.1
SysAid Help Desk prior to 22.1.65 allows XSS in the Password Services module, aka FR# 67241.
Sysaid Help Desk

CVE-2022-40324
CVSSv3: 6.1
SysAid Help Desk prior to 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258.
Sysaid Help Desk

CVE-2022-40325
CVSSv3: 6.1
SysAid Help Desk prior to 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262.
Sysaid Help Desk

CVE-2022-40322
CVSSv3: 6.1
SysAid Help Desk prior to 22.1.65 allows XSS, aka FR# 66542 and 65579.
Sysaid Help Desk