Sysaid: >> Sysaid >> 23.3.37 Security Vulnerabilities
CVE-2025-2775
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
Known exploited
CVSS Score
9.3
EPSS Score
0.598
Published
2025-05-07
CVE-2025-2776
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
Known exploited
CVSS Score
9.3
EPSS Score
0.503
Published
2025-05-07
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.
CVSS Score
9.3
EPSS Score
0.079
Published
2025-05-07
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS Score
9.9
EPSS Score
0.002
Published
2024-06-06
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS Score
9.1
EPSS Score
0.001
Published
2024-06-06