415 matches found
Design/Logic Flaw
Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access the system by requesting the "/lib/tinymce/examples/index.html" path. In the "Insert/Edit Embedded Media" window, choose Type: iFrame and File/URL: here is the LFI. Solution: Update to 22.2.20 cloud version, or to...
Open redirect
Sysaid – Sysaid Open Redirect – An attacker can change the redirect link via the parameter "redirectURL" of a "GET" request to the URL location /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input...
Authentication flaw
Sysaid – Sysaid System Takeover – An attacker can bypass the authentication process by accessing /wmiwizard.jsp, then /ConcurrentLogin.jsp, then clicking the login button, which redirects to /home.jsp without any authentication...
CVE-2022-23166 Sysaid – Sysaid Local File Inclusion (LFI)
Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access the system by requesting the "/lib/tinymce/examples/index.html" path. In the "Insert/Edit Embedded Media" window, choose Type: iFrame and File/URL: here is the LFI. Solution: Update to 22.2.20 cloud version, or to...
CVE-2022-23166
CVE-2022-23166 (SysAid) : A local file inclusion flaw allows an unauthenticated attacker to access the system by requesting the path /lib/tinymce/examples/index.html and selecting File/URL in the Insert/Edit Embedded Media window (Type: iframe). The issue is tied to SysAid’s LFI in this embedded ...
CVE-2022-23165 Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS)
Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) – The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a reflected cross-site scripting vulnerability. For an attacker to exploit this cross-site scripting vulnerability, it is necessary for the affected produc...
CVE-2022-23165
CVE-2022-23165 affects Sysaid 14.2.0. The issue is a Reflected Cross-Site Scripting (XSS) in the parameter helpPageName of the page /help/treecontent.jsp. Exploitation requires the affected product to expose Offline Help Pages and the victim to click a malicious link. Attackers may access sensiti...
CVE-2022-22798 Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control
Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 – An attacker needs to log in as a guest; after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp...
CVE-2022-22798
Sysaid – Pro Plus Edition (v20.4.74 b10 through v22.1.30 b49) suffers a broken access control vulnerability where an attacker logged in as a guest can manipulate the URL (ending in /ConcurrentLogin%2ejsp) to access the system dashboard via EndUserPortal.JSP, potentially exposing server details, u...
CVE-2022-22797 Sysaid – sysaid Open Redirect
Sysaid – Sysaid Open Redirect – An attacker can change the redirect link via the parameter "redirectURL" of a "GET" request to the URL location /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input...
CVE-2022-22797
CVE-2022-22797 concerns a Sysaid open redirect via the parameter redirectURL in a GET request to a path like /CommunitySSORedirect.jsp?redirectURL=... Unvalidated redirects and forwards are possible when input is untrusted, enabling an attacker to redirect users to a malicious site and potentiall...
CVE-2022-22796
CVE-2022-22796 is documented across multiple sources (NVD, CVE List, CNNVD) as an authentication bypass in SysAid. The vulnerability enables bypassing login by sequentially accessing "/wmiwizard.jsp" → "/ConcurrentLogin.jsp" and clicking login, which redirects to "/home.jsp" without authenticatio...
CVE-2022-22796 Sysaid – Sysaid System Takeover
Sysaid – Sysaid System Takeover – An attacker can bypass the authentication process by accessing /wmiwizard.jsp, then /ConcurrentLogin.jsp, then clicking the login button, which redirects to /home.jsp without any authentication...
Sysaid Technologies Sysaid Cross-Site Scripting Vulnerability
Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. Sysaid Technologies Sysaid version 14.2.0 suffers from a cross-site scripting vulnerability that originates from a lack of filtering and escaping of the parameter helpPageName used by the pa...
Sysaid Technologies Sysaid Authorization Issue Vulnerability
Sysaid Technologies SysAid is a suite of IT service management solutions from the Israeli company Sysaid Technologies. Sysaid Technologies Sysaid has a security vulnerability that stems from a problematic authentication of the application. An attacker can bypass the authentication process by...
PT-2022-15687 · Sysaid · Sysaid
Name of the Vulnerable Software and Affected Versions: Sysaid – Pro Plus Edition versions v20.4.74 b10 through v22.1.30 b49 Description: The issue allows an attacker to bypass access controls by logging in as a guest and manipulating the URL path to access the system dashboard. The attacker can...
Sysaid Technologies SysAid Path Traversal Vulnerability
Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, an Israeli company. A security vulnerability exists in Sysaid Technologies SysAid that stems from a file inclusion issue with the application. An unauthenticated attacker can exploit the vulnerabili...
Sysaid Technologies Sysaid Input Validation Error Vulnerability
Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. Sysaid Technologies Sysaid suffers from a security vulnerability that stems from a lack of validation of the input accepted by the program. Unauthenticated redirection and forwarding may occu...