In SysAid On-Premise prior to 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sysaid sysaid on-premises |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Second novel zero-day exploited by Lace Tempest this year offers notable demonstration of skill, especially for a ransomware affiliate
The cybercriminals behind the rampant MOVEit exploits from earlier this year are making use a zero-day vulnerability in on-prem instances of IT service and help desk software-slinger SysAid. Believed to be an affiliate of the Cl0p ransomware gang and tracked by Microsoft as Lace Tempest, the crew were able to execute PowerShell scripts and deploy malware by unearthing and abusing a novel zero-day in the IT service desk software. Microsoft's Threat Intelligence discovered the exploits, which only...