CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.6 High
Confidence: High

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.668 Medium
Percentile: 97.6%

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Recent assessments:
cbeek-r7 at November 09, 2023 2:50pm UTC reported:
On November 8, 2023, SysAid, an IT service management company, revealed a zero-day path traversal vulnerability, CVE-2023-47426, impacting on-premise SysAid servers. Microsoft's threat intelligence team, the discoverers of this vulnerability, reported its exploitation in the wild by DEV-0950 (Lace Tempest) through "limited attacks."
Microsoft, in a social media thread on the evening of November 8, underscored that Lace Tempest is associated with the distribution of Cl0p ransomware and highlighted the likelihood of ransomware deployment and/or data exfiltration when exploiting CVE-2023-47246. It's worth noting that Lace Tempest was also responsible for the MOVEit Transfer and GoAnywhere MFT extortion attacks earlier this year.
Assessed Attacker Value: 5