Sysaid On-premises Security Vulnerabilities and Issues — Sysaid On-premises CVE List

Lucene search

SysaidSysaid On-premises

4 matches found

CVE•added 2023/11/10 6:15 a.m.•249 views

CVE-2023-47246

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.

9.8CVSS9.4AI score0.9438EPSS

CVE•added 2020/10/02 9:15 a.m.•28 views

CVE-2020-13168

SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter.

6.1CVSS5.9AI score0.00532EPSS

CVE•added 2023/07/30 8:15 a.m.•25 views

CVE-2023-32226

Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method.

8.3CVSS7.1AI score0.00056EPSS

CVE•added 2023/07/30 8:15 a.m.•23 views

CVE-2023-32225

Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.

9.8CVSS7.6AI score0.00072EPSS