sysaid
Enterprise Software, commercial
Latest CVEs
The 15 most recently published vulnerabilities affecting sysaid.
- CVE-2025-2777: SysAid On-Prem <= 23.3.40 lshw Processing XML External Entity Injection (score: 9.3)
- CVE-2025-2776: SysAid On-Prem <= 23.3.40 serverurl Processing XML External Entity Injection (KEV; score: 9.3)
- CVE-2025-2775: SysAid On-Prem <= 23.3.40 Checkin Processing XML External Entity Injection (KEV; score: 9.3)
- CVE-2024-36394: SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (score: 9.1)
- CVE-2024-36393: SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (score: 9.9)
- CVE-2023-47426: A vulnerability in the SysAid help desk automation and hardware and software monitoring software that allows an attacker to execute arbitrary code (score: 9.8)
- CVE-2024-27775: SysAid - CWE-918: Server-Side Request Forgery (SSRF) (score: 7.2)
- CVE-2023-47247: In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102. (score: 4.3)
- CVE-2023-33706: SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. (score: 6.5)
- CVE-2023-47246: In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. (KEV; score: 9.8)
- CVE-2023-32226: SysAid - CWE-552: Files or Directories Accessible to External Parties (score: 8.3)
- CVE-2023-32225: SysAid - CWE-434: Unrestricted Upload of File with Dangerous Type (score: 9.8)
- CVE-2022-40325: SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262. (score: 6.1)
- CVE-2022-40324: SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258. (score: 6.1)
- CVE-2022-40323: SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241. (score: 6.1)