417 matches found

RedhatCVE, added 2025/05/23 1:58 a.m.

CVE-2023-47246

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023...

CVSS 9.8, AI score 7.4, EPSS 0.98851. Exploits: 3, References: 1.
RedhatCVE, added 2025/05/23 12:38 a.m.

CVE-2022-40323

SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR 67241...

CVSS 6.1, AI score 6.1, EPSS 0.00363. Exploits: 0, References: 1.
RedhatCVE, added 2025/05/22 11:38 p.m.

CVE-2022-40322

SysAid Help Desk before 22.1.65 allows XSS, aka FR 66542 and 65579...

CVSS 6.1, AI score 6.3, EPSS 0.00363. Exploits: 0, References: 1.
RedhatCVE, added 2025/05/22 11:26 p.m.

CVE-2022-40324

SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR 67258...

CVSS 6.1, AI score 5.9, EPSS 0.00363. Exploits: 0, References: 1.
RedhatCVE, added 2025/05/22 11:24 p.m.

CVE-2022-40325

SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR 67262...

CVSS 6.1, AI score 5.9, EPSS 0.00363. Exploits: 0, References: 1.
RedhatCVE, added 2025/05/22 9:34 p.m.

CVE-2021-43974

An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous us...

CVSS 5.3, AI score 6.7, EPSS 0.01416. Exploits: 1.
RedhatCVE, added 2025/05/22 7:39 p.m.

CVE-2021-30486

SysAid 20.3.64 b14 is affected by Blind and Stacked SQL injection via AssetManagementChart.jsp GET computerID, AssetManagementChart.jsp POST group1, AssetManagementList.jsp GET computerID or group1, or AssetManagementSummary.jsp GET group1...

CVSS 8.8, AI score 8.1, EPSS 0.01017. Exploits: 1, References: 1.
RedhatCVE, added 2025/05/22 6:53 p.m.

CVE-2021-43971

A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter...

CVSS 8.8, AI score 8.3, EPSS 0.01744. Exploits: 1.
RedhatCVE, added 2025/05/22 6:53 p.m.

CVE-2021-43972

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root with an arbitrary filename via the tempFile and fileName parameters in the HTTP POST body...

CVSS 6.8, AI score 6.8, EPSS 0.01465. Exploits: 0.
RedhatCVE, added 2025/05/22 6:52 p.m.

CVE-2021-43973

An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file...

CVSS 8.8, AI score 6.8, EPSS 0.01707. Exploits: 0.
RedhatCVE, added 2025/05/22 6:36 p.m.

CVE-2021-30049

SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI...

CVSS 6.1, AI score 6.1, EPSS 0.0247. Exploits: 1, References: 1.
RedhatCVE, added 2025/05/22 3:58 p.m.

CVE-2020-13168

SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter...

CVSS 6.1, AI score 5.9, EPSS 0.00966. Exploits: 1.
VulnCheck KEV, added 2025/05/19 12:00 a.m.

VulnCheck KEV: CVE-2025-2775

SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives...

CVSS 9.3, AI score 5.8, EPSS 0.55177. Exploits: 1, References: 1.
VulnCheck KEV, added 2025/05/14 12:00 a.m.

VulnCheck KEV: CVE-2025-2776

SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives...

CVSS 9.8, AI score 5.8, EPSS 0.72971. Exploits: 2, References: 1.
VulnCheck KEV, added 2025/05/14 12:00 a.m.

VulnCheck KEV: CVE-2025-2777

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives...

CVSS 9.8, AI score 5.8, EPSS 0.79133. Exploits: 1, References: 1.
RedhatCVE, added 2025/05/09 3:23 p.m.

CVE-2025-2777

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives...

CVSS 9.8, AI score 7, EPSS 0.79133. Exploits: 1, References: 1.
RedhatCVE, added 2025/05/09 3:23 p.m.

CVE-2025-2776

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives...

CVSS 9.8, AI score 7, EPSS 0.72971. Exploits: 2, References: 1.
RedhatCVE, added 2025/05/09 3:23 p.m.

CVE-2025-2775

SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives...

CVSS 9.3, AI score 7, EPSS 0.55177. Exploits: 1, References: 1.
Tenable Nessus, added 2025/05/09 12:00 a.m.

SysAid Server < 24.4.60 b16 Multiple Vulnerabilities

The version of SysAid Server installed on the remote host is prior to 24.4.60 b16. It is, therefore, affected by multiple vulnerabilities, including the following: - SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing...

CVSS 9.8, AI score 8.7, EPSS 0.79133. Exploits: 4, References: 5.
NCSC, added 2025/05/08 6:56 a.m.

Vulnerabilities fixed in SysAid On-Prem

SysAid has fixed vulnerabilities in SysAid On-Prem versions up to 23.3.40. The vulnerability is an unauthenticated XML External Entity (XXE) issue present in SysAid On-Prem versions up to 23.3.40. This vulnerability allows attackers to exploit the system without authentication. This can lead to...

CVSS 9.8, AI score 8.9, EPSS 0.79133. Exploits: 4, References: 1.