Vulnerability Details CVE-2023-47246
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.944
EPSS Ranking 100.0%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
SysAid Server (on-premises version) contains a path traversal vulnerability that leads to code execution.
Ransomware Campaign
Known
References
- https://documentation.sysaid.com/docs/latest-version-installation-files
- https://documentation.sysaid.com/docs/on-premise-security-enhancements-2023
- https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
- https://documentation.sysaid.com/docs/latest-version-installation-files
- https://documentation.sysaid.com/docs/on-premise-security-enhancements-2023
- https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
Products affected by CVE-2023-47246
-
cpe:2.3:a:sysaid:sysaid:-
-
cpe:2.3:a:sysaid:sysaid:21.4.45
-
cpe:2.3:a:sysaid:sysaid:22.1.64
-
cpe:2.3:a:sysaid:sysaid:22.1.65
-
cpe:2.3:a:sysaid:sysaid:22.3.35
-
cpe:2.3:a:sysaid:sysaid:22.4.45
-
cpe:2.3:a:sysaid:sysaid:23.2.14
-
cpe:2.3:a:sysaid:sysaid:23.2.15
-
cpe:2.3:a:sysaid:sysaid:23.3.34
-
cpe:2.3:a:sysaid:sysaid:23.3.35