Lucene search

K
cve[email protected]CVE-2015-2999
HistoryJun 08, 2015 - 2:59 p.m.

CVE-2015-2999

2015-06-0814:59:07
CWE-89
web.nvd.nist.gov
33
cve-2015-2999
sysaid help desk
sql injection
remote administrators
arbitrary sql commands
vulnerability

8.5 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.5%

Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequests report to /genericreport, (4) dir parameter to HelpDesk.jsp, or (5) grantSQL parameter to RFCGantt.jsp.

Affected configurations

NVD
Node
sysaidsysaidRange15.1
CPENameOperatorVersion
sysaid:sysaidsysaidle15.1

8.5 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.5%