Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 11/01/2022 Updated: 12/07/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

An issue exists in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous user registration only hides the client-side registration form. An attacker can still post registration data to create new accounts without prior authentication.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sysaid itil 20.4.74

CWE-306 https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md https://www.sysaid.com/it-service-management-software/incident-management https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-43974

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect