406 matches found
Sysaid Technologies SysAid SQL Injection Vulnerability
Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. SysAid suffers from an SQL injection vulnerability that stems from improper neutralization of special elements used in SQL commands, resulting in SQL injection...
PT-2024-5430 · Sysaid · Sysaid
Name of the Vulnerable Software and Affected Versions: SysAid affected versions not specified Description: The issue is related to the improper neutralization of special elements used in an OS command, which can allow a remote attacker to execute arbitrary commands. This is a critical issue that...
CVE-2024-27775
SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash...
CVE-2024-27775
CVE-2024-27775 affects SysAid prior to version 23.2.14 b18. The vulnerability is a Server-Side Request Forgery (SSRF) issue that may expose the local operating system user’s NTLMv2 hash. The PT-security and other sources specify that versions before 23.2.14 b18 are impacted; remediation is to upg...
CVE-2024-27775 SysAid - CWE-918: Server-Side Request Forgery (SSRF)
SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash...
PT-2024-22030 · Sysaid · Sysaid
Name of the Vulnerable Software and Affected Versions: SysAid versions prior to 23.2.14 b18. Description: The issue allows for Server-Side Request Forgery (SSRF), which may expose the local OS user's NTLMv2 hash. Recommendations: For versions prior to 23.2.14 b18, update to version 23.2.14 b18 or...
Sysaid Technologies SysAid Code Issue Vulnerability
Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. A code issue vulnerability exists in Sysaid Technologies SysAid versions prior to 23.2.14 b18, which stems from the presence of server-side request forgery (SSRF), which could allow exposing t...
CVE-2023-47247
In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102...
Code injection
In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102...
Sysaid Technologies SysAid Security Vulnerabilities
Sysaid Technologies SysAid is a suite of IT service management solutions from Sysaid Technologies, Israel. SysAid On-Premise is a local installation version of SysAid. A security vulnerability exists in Sysaid Technologies SysAid On-Premise versions prior to 23.3.34. An attacker could exploit the...
PT-2023-30389 · Sysaid · Sysaid On-Premise
Name of the Vulnerable Software and Affected Versions: SysAid On-Premise versions prior to 23.3.34 Description: The issue allows an end user to delete a Knowledge Base article under certain conditions. Recommendations: For versions prior to 23.3.34, update to version 23.3.34 or later to resolve t...
CVE-2023-47247
In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102...
CVE-2023-47247
CVE-2023-47247 affects SysAid On-Premise before 23.3.34. An end user can delete a Knowledge Base article (bug 15102). The connected sources confirm the affected software version and the vulnerable action; no exploit details or active exploit status are provided beyond this description. Remediatio...
CVE-2023-33706
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...
Code injection
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp...