SysAid prior to 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sysaid sysaid |