Sysaid
by Sysaid
CVEs (38)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-27775 | Hig | 0.47 | 7.2 | 0.01 | Mar 28, 2024 | SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash | ||
| CVE-2023-47246 | 0.26 | — | 0.99 | KEV | Nov 10, 2023 | In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. | ||
| CVE-2025-2775 | 0.18 | — | 0.55 | KEV | May 7, 2025 | SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives. | ||
| CVE-2025-2776 | 0.17 | — | 0.73 | KEV | May 7, 2025 | SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives. | ||
| CVE-2015-2996 | 0.10 | — | 0.87 | Jun 8, 2015 | Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in… | |||
| CVE-2015-2997 | 0.08 | — | 0.57 | Jun 8, 2015 | SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message. | |||
| CVE-2015-2994 | 0.07 | — | 0.50 | Jun 8, 2015 | Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/. | |||
| CVE-2015-2993 | 0.07 | — | 0.55 | Jun 8, 2015 | SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry. | |||
| CVE-2015-2995 | 0.06 | — | 0.34 | Jun 8, 2015 | The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file. | |||
| CVE-2015-2998 | 0.05 | — | 0.26 | Jun 8, 2015 | SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml. | |||
| CVE-2015-3001 | 0.04 | — | 0.07 | Jun 8, 2015 | SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password. | |||
| CVE-2015-3000 | 0.04 | — | 0.08 | Jun 8, 2015 | SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion… | |||
| CVE-2014-9436 | 0.04 | — | 0.07 | Jan 2, 2015 | Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile. | |||
| CVE-2021-31862 | 0.03 | — | 0.04 | Oct 29, 2021 | SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication. | |||
| CVE-2015-2999 | 0.03 | — | 0.02 | Jun 8, 2015 | Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report… | |||
| CVE-2025-2777 | 0.02 | — | 0.79 | May 7, 2025 | SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives. | |||
| CVE-2021-30049 | 0.01 | — | 0.02 | Jul 22, 2021 | SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI. | |||
| CVE-2024-36394 | 0.00 | — | 0.01 | Jun 6, 2024 | SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | |||
| CVE-2024-36393 | 0.00 | — | 0.00 | Jun 6, 2024 | SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | |||
| CVE-2023-47247 | 0.00 | — | 0.00 | Dec 25, 2023 | In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102. |
- risk 0.47cvss 7.2epss 0.01
SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash
- risk 0.26cvss —epss 0.99
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
- risk 0.18cvss —epss 0.55
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
- risk 0.17cvss —epss 0.73
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
- CVE-2015-2996Jun 8, 2015risk 0.10cvss —epss 0.87
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in…
- CVE-2015-2997Jun 8, 2015risk 0.08cvss —epss 0.57
SysAid Help Desk before 15.2 allows remote attackers to obtain sensitive information via an invalid value in the accountid parameter to getAgentLogFile, as demonstrated by a large directory traversal sequence, which reveals the installation path in an error message.
- CVE-2015-2994Jun 8, 2015risk 0.07cvss —epss 0.50
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.
- CVE-2015-2993Jun 8, 2015risk 0.07cvss —epss 0.55
SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry.
- CVE-2015-2995Jun 8, 2015risk 0.06cvss —epss 0.34
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.
- CVE-2015-2998Jun 8, 2015risk 0.05cvss —epss 0.26
SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml.
- CVE-2015-3001Jun 8, 2015risk 0.04cvss —epss 0.07
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
- CVE-2015-3000Jun 8, 2015risk 0.04cvss —epss 0.08
SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion…
- CVE-2014-9436Jan 2, 2015risk 0.04cvss —epss 0.07
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.
- CVE-2021-31862Oct 29, 2021risk 0.03cvss —epss 0.04
SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.
- CVE-2015-2999Jun 8, 2015risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report…
- CVE-2025-2777May 7, 2025risk 0.02cvss —epss 0.79
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.
- CVE-2021-30049Jul 22, 2021risk 0.01cvss —epss 0.02
SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI.
- CVE-2024-36394Jun 6, 2024risk 0.00cvss —epss 0.01
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CVE-2024-36393Jun 6, 2024risk 0.00cvss —epss 0.00
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CVE-2023-47247Dec 25, 2023risk 0.00cvss —epss 0.00
In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102.
Page 1 of 2