Sysaid: >> Sysaid >> 23.3.35 Security Vulnerabilities
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS Score
9.9
EPSS Score
0.001
Published
2024-06-06
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS Score
9.1
EPSS Score
0.009
Published
2024-06-06
CVE-2023-47246
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2023-11-10