Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-47246
HistoryNov 10, 2023 - 6:15 a.m.

CVE-2023-47246

2023-11-1006:15:30
CWE-22
[email protected]
web.nvd.nist.gov
cve-2023-47246
sysaid on-premise
path traversal
code execution
tomcat webroot
exploited in the wild
november 2023

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.943 High

EPSS

Percentile

99.2%

JSON

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.

Affected configurations

NVD
Node
sysaidsysaid_on-premisesRange<23.3.36

Related

hivepro 2
nuclei 1
nessus 1
prion 1
githubexploit 2
malwarebytes 1
thn 1
cisa_kev 1
cve 1
cvelist 1
rapid7blog 2
cnvd 1
attackerkb 1
hivepro
hivepro
Attacks, Vulnerabilities and Actors 6 November to 12 November 2023
2023-11-15 09:15:43
Lace Tempest Exploits Zero-Day in a Strategic Strike on SysAid
2023-11-14 08:22:40
nuclei
nuclei
SysAid Server - Remote Code Execution
2023-11-14 10:18:31
nessus
nessus
SysAid Server < 23.3.36 Path Traversal
2023-11-16 00:00:00
prion
prion
Path traversal
2023-11-10 06:15:00
githubexploit
githubexploit
Exploit for Path Traversal in Sysaid Sysaid On-Premises
2023-11-17 07:03:06
Exploit for Path Traversal in Sysaid Sysaid On-Premises
2023-11-22 08:18:11
malwarebytes
malwarebytes
Update now! SysAid vulnerability is actively being exploited by ransomware affiliate
2023-11-09 13:43:06
thn
thn
Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability
2023-11-09 16:54:00
cisa_kev
cisa_kev
SysAid Server Path Traversal Vulnerability
2023-11-13 00:00:00
cve
cve
CVE-2023-47246
2023-11-10 06:15:30
cvelist
cvelist
CVE-2023-47246
2023-11-10 00:00:00
rapid7blog
rapid7blog
Peeking into the crystal ball: What 2023 cyber threats told us about 2024
2023-12-12 16:00:00
CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest
2023-11-09 14:12:55
cnvd
cnvd
File Upload Vulnerability Exists in SysAid On-Premise
2023-11-21 00:00:00
attackerkb
attackerkb
CVE-2023-47246
2023-11-10 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.943 High

EPSS

Percentile

99.2%

JSON
Related for NVD:CVE-2023-47246
hivepro2nuclei1nessus1prion1githubexploit2malwarebytes1thn1cisa_kev1cve1cvelist1rapid7blog2cnvd1attackerkb1