Lucene search

K
cve[email protected]CVE-2015-2999
HistoryJun 08, 2015 - 2:59 p.m.

CVE-2015-2999

2015-06-0814:59:07
CWE-89
web.nvd.nist.gov
34
cve-2015-2999
sysaid help desk
sql injection
remote administrators
arbitrary sql commands
vulnerability

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.6%

Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequests report to /genericreport, (4) dir parameter to HelpDesk.jsp, or (5) grantSQL parameter to RFCGantt.jsp.

Affected configurations

NVD
Node
sysaidsysaidRange15.1
CPENameOperatorVersion
sysaid:sysaidsysaidle15.1

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.6%