Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sysaid vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-43973
An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated malicious user to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path ...
Sysaid Sysaid 20.4.74
5.3
CVSSv3
CVE-2021-43974
An issue exists in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable ano...
Sysaid Itil 20.4.74
5.3
CVSSv3
CVE-2021-36721
Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization prior to 21.3.60 version could get users names from the LDAP server.
Sysaid Application Programming Interface
6.1
CVSSv3
CVE-2021-31862
SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.
Sysaid Sysaid 20.4.74
1 Github repository
6.1
CVSSv3
CVE-2021-30049
SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
Sysaid Sysaid 20.3.64
8.8
CVSSv3
CVE-2021-30486
SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1).
Sysaid Sysaid 20.3.64
6.1
CVSSv3
CVE-2020-13168
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter.
Sysaid Sysaidsy On-premises 20.1.11
Sysaid Sysaid On-premises 5.0
Sysaid Sysaid On-premises 5.5.06
Sysaid Sysaid On-premises 5.6
Sysaid Sysaid On-premises 6.0.9
Sysaid Sysaid On-premises 6.5
Sysaid Sysaid On-premises 7.0
Sysaid Sysaid On-premises 7.5
Sysaid Sysaid On-premises 8.0
Sysaid Sysaid On-premises 8.1
Sysaid Sysaid On-premises 8.5
Sysaid Sysaid On-premises 9.0.10
Sysaid Sysaid On-premises 9.0.30
Sysaid Sysaid On-premises 9.0.40
Sysaid Sysaid On-premises 9.0.52
Sysaid Sysaid On-premises 9.0.53
Sysaid Sysaid On-premises 9.1.0
Sysaid Sysaid On-premises 14.1
Sysaid Sysaid On-premises 14.2
Sysaid Sysaid On-premises 14.3
Sysaid Sysaid On-premises 14.4.00
Sysaid Sysaid On-premises 14.4.1
9.8
CVSSv3
CVE-2020-10569
SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may...
Sysaid On-premise 20.1.11
NA
CVE-2015-2996
Multiple directory traversal vulnerabilities in SysAid Help Desk prior to 15.2 allow remote malicious users to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot do...
Sysaid Sysaid
1 EDB exploit
2 Metasploit modules
NA
CVE-2015-2997
SysAid Help Desk prior to 15.2 allows remote malicious users to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message.
Sysaid Sysaid
1 EDB exploit
2 Metasploit modules
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »