2 matches found
CVE-2023-33706
SysAid before 23.2.15 allows Indirect Object Reference IDOR attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...
CVE-2023-33706
SysAid CVE-2023-33706 affects SysAid before 23.2.15. The issue is an Indirect Object Reference (IDOR) allowing reading of ticket data by modifying sid to EmailHtmlSourceIframe.jsp or srID to ShowMessage.jsp. Affected component paths and parameters are explicitly named in connected sources. Impact...