415 matches found
CVE-2025-2777
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives...
CVE-2025-2775
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives...
CVE-2025-2776
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives...
CVE-2025-2777 SysAid On-Prem <= 23.3.40 lshw Processing XML External Entity Injection
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives...
CVE-2025-2777
Summary: CVE-2025-2777 affects SysAid On-Prem versions ≤ 23.3.40, with an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing endpoint. This can enable administrator account takeover and arbitrary file read primitives, per multiple sources in the connected documents. Wh...
CVE-2025-2776 SysAid On-Prem <= 23.3.40 serverurl Processing XML External Entity Injection
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives...
CVE-2025-2776
CVE-2025-2776 (SysAid On-Prem) : Versions
CVE-2025-2775 SysAid On-Prem <= 23.3.40 Checkin Processing XML External Entity Injection
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives...
CVE-2025-2775
CVE-2025-2775 affects SysAid On-Prem versions
SysAid Patches 4 Critical Flaws Enabling Pre-Auth RCE in On-Premise Version
Cybersecurity researchers have disclosed multiple security flaws in the on-premise version of SysAid IT support software that could be exploited to achieve pre-authenticated remote code execution with elevated privileges. The vulnerabilities, tracked as CVE-2025-2775, CVE-2025-2776, and...
CVE-2025-2776
creationtimestamp | type | source
---|---|---
2025-05-07 09:31:00+00:00 | seen | https://thehackernews.com/2025/05/sysaid-patches-4-critical-flaws.html
2025-05-07 14:15:11+00:00 | seen | https://infosec.exchange/users/shadowserver/statuses/114466967388160257
2025-05-07 14:16:50+00:00 | seen | ...
SysAid On-Prem Security Vulnerability
SysAid On-Prem is a locally deployed IT Service Management (ITSM) platform from SysAid Israel. A security vulnerability exists in SysAid On-Prem versions 23.3.40 and earlier, which stems from an unvalidated XML external entity vulnerability in the Server URL handling feature that could lead to...
SysAid On-Prem Security Vulnerability
SysAid On-Prem is a locally deployed IT Service Management (ITSM) platform from SysAid Israel. A security vulnerability exists in SysAid On-Prem versions 23.3.40 and earlier, which stems from an unvalidated XML external entity vulnerability in the Checkin processing function that could lead to...
PT-2025-20325 · Undefined · Undefined
⚠️ Vulnerability Alert: SysAid On-Premise Pre-Auth RCE Chain 4 Critical Flaws 📅 Timeline: Disclosure: 2025-05-07, Patch: 2025-03-01 🆔 CVE ID: CVE-2025-2778 📊 Base Score: 9.8 assessed Critical 📏 CVSS Metrics: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvssSeverity:...
Malicious code in sysaid-query-data (npm)