EUVD-2024-24968

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

SysAid versions before 23.2.14 b18 are vulnerable to Server-Side Request Forgery exposing NTLMv2 hash

Reporter	Title	Published	Views	Family All 6
CNNVD	Sysaid Technologies SysAid 代码问题漏洞	28 Mar 202400:00	–	cnnvd
CVE	CVE-2024-27775	28 Mar 202412:19	–	cve
Cvelist	CVE-2024-27775 SysAid - CWE-918: Server-Side Request Forgery (SSRF)	28 Mar 202412:19	–	cvelist
NVD	CVE-2024-27775	28 Mar 202413:15	–	nvd
Positive Technologies	PT-2024-22030 · Sysaid · Sysaid	28 Mar 202400:00	–	ptsecurity
Vulnrichment	CVE-2024-27775 SysAid - CWE-918: Server-Side Request Forgery (SSRF)	28 Mar 202412:19	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "9df79cfe-33c1-354a-aa86-751f1fb19dcb",
        "vendor": {
          "name": "SysAid"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "5effc098-eed5-3c3b-a1ad-90c962695beb",
        "product": {
          "name": "SysAid"
        },
        "product_version": "version 23.2.14 b18 ≤Upgrade to version 23.3.38 or later"
      },
      {
        "id": "9df79cfe-33c1-354a-aa86-751f1fb19dcb",
        "product": {
          "name": "SysAid"
        }
      }
    ]
  }
]

Source	Link
gov	www.gov.il/en/Departments/faq/cve_advisories

03 Oct 2025 20:07Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.17.2

EPSS0.00132

SSVC