Filtered by vendor Sysaid
Subscriptions
Filtered by product Sysaid
Subscriptions
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-30486 | 1 Sysaid | 1 Sysaid | 2024-08-03 | 8.8 High |
| SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via AssetManagementChart.jsp (GET computerID), AssetManagementChart.jsp (POST group1), AssetManagementList.jsp (GET computerID or group1), or AssetManagementSummary.jsp (GET group1). | ||||
| CVE-2021-30049 | 1 Sysaid | 1 Sysaid | 2024-08-03 | 6.1 Medium |
| SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI. | ||||
| CVE-2023-47247 | 1 Sysaid | 1 Sysaid | 2024-08-02 | 4.3 Medium |
| In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102. | ||||
| CVE-2023-33706 | 1 Sysaid | 1 Sysaid | 2024-08-02 | 6.5 Medium |
| SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. | ||||
| CVE-2024-36394 | 1 Sysaid | 1 Sysaid | 2024-08-02 | 9.1 Critical |
| SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | ||||
| CVE-2024-36393 | 1 Sysaid | 1 Sysaid | 2024-08-02 | 9.9 Critical |
| SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | ||||