Vulmon
sysaid sysaid vulnerabilities and exploits
578
VMScore
CVE-2021-43971
A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated malicious user to execute arbitrary SQL commands via the filterText parameter.
Sysaid Sysaid 20.4.74
605
VMScore
CVE-2021-43972
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated malicious user to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters i...
Sysaid Sysaid 20.4.74
578
VMScore
CVE-2021-43973
An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated malicious user to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path ...
Sysaid Sysaid 20.4.74
383
VMScore
CVE-2021-30049
SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
Sysaid Sysaid 20.3.64
NA
CVE-2023-47246
In SysAid On-Premise prior to 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Sysaid Sysaid On-premises
2 Github repositories
1 Article
NA
CVE-2023-32225
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.
Sysaid Sysaid On-premises
NA
CVE-2023-32226
Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method.
Sysaid Sysaid On-premises
383
VMScore
CVE-2007-5259
Cross-site request forgery (CSRF) vulnerability in Ilient SysAid 4.5.03 and 4.5.04 allows remote malicious users to perform some actions as administrators, as demonstrated by changing the administrator password. NOTE: the provenance of this information is unknown; the details are...
Ilient Sysaid 4.5.03
Ilient Sysaid 4.5.04
606
VMScore
CVE-2022-23170
SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability. Any SysAid environment that uses the Okta SSO integration might be vulnerable. An unauthenticated attacker could exploit the XXE vulnerability by sending a malformed POST request ...
Sysaid Okta Sso
383
VMScore
CVE-2008-2179
Cross-site scripting (XSS) vulnerability in SystemList.jsp in SysAid 5.1.08 allows remote malicious users to inject arbitrary web script or HTML via the searchField parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party in...
Ilient Sysaid 5.1.08