2 matches found
SysAid file upload vulnerability
SysAid ITIL in version 20.4.74 b10 is vulnerable to file uploads due to the lack of valid validation of uploaded files in UploadPsIcon.jsp in SysAid. A remote authenticated attacker can exploit this vulnerability to upload arbitrary files via the file parameter in the HTTP POST body...
CVE-2021-43974
CVE-2021-43974 affects SysAid ITIL 20.4.74 b10. The /enduserreg endpoint allows anonymous users to register new accounts even when the server-side setting to disable anonymous registration is enabled, bypassing client-side controls and enabling account creation without authentication. Connected d...