Vulnerability Details CVE-2023-33706
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.6%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2023-33706
- cpe:2.3:a:sysaid:sysaid:-
- cpe:2.3:a:sysaid:sysaid:21.1.30
- cpe:2.3:a:sysaid:sysaid:21.1.50
- cpe:2.3:a:sysaid:sysaid:21.4.45
- cpe:2.3:a:sysaid:sysaid:22.1.50
- cpe:2.3:a:sysaid:sysaid:22.1.64
- cpe:2.3:a:sysaid:sysaid:22.1.65
- cpe:2.3:a:sysaid:sysaid:22.2.20
- cpe:2.3:a:sysaid:sysaid:22.3.10
- cpe:2.3:a:sysaid:sysaid:22.3.20
- cpe:2.3:a:sysaid:sysaid:22.3.30
- cpe:2.3:a:sysaid:sysaid:22.3.35
- cpe:2.3:a:sysaid:sysaid:22.3.40
- cpe:2.3:a:sysaid:sysaid:22.3.50
- cpe:2.3:a:sysaid:sysaid:22.3.60
- cpe:2.3:a:sysaid:sysaid:22.3.70
- cpe:2.3:a:sysaid:sysaid:22.4.10
- cpe:2.3:a:sysaid:sysaid:22.4.20
- cpe:2.3:a:sysaid:sysaid:22.4.30
- cpe:2.3:a:sysaid:sysaid:22.4.40
- cpe:2.3:a:sysaid:sysaid:22.4.45
- cpe:2.3:a:sysaid:sysaid:22.4.50
- cpe:2.3:a:sysaid:sysaid:22.4.60
- cpe:2.3:a:sysaid:sysaid:23.1.10
- cpe:2.3:a:sysaid:sysaid:23.1.20
- cpe:2.3:a:sysaid:sysaid:23.1.30
- cpe:2.3:a:sysaid:sysaid:23.1.40
- cpe:2.3:a:sysaid:sysaid:23.1.50
- cpe:2.3:a:sysaid:sysaid:23.1.60
- cpe:2.3:a:sysaid:sysaid:23.1.70
- cpe:2.3:a:sysaid:sysaid:23.2.10
- cpe:2.3:a:sysaid:sysaid:23.2.14
- cpe:2.3:a:sysaid:sysaid:23.2.20
- cpe:2.3:a:sysaid:sysaid:23.2.30
- cpe:2.3:a:sysaid:sysaid:23.2.40