Sysaid: >> Sysaid >> 23.3.37 Security Vulnerabilities
CVE-2025-2775
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
Known exploited
CVSS Score
9.3
EPSS Score
0.652
Published
2025-05-07
CVE-2025-2776
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
Known exploited
CVSS Score
9.3
EPSS Score
0.509
Published
2025-05-07
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.
CVSS Score
9.3
EPSS Score
0.151
Published
2025-05-07
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS Score
9.9
EPSS Score
0.003
Published
2024-06-06
SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS Score
9.1
EPSS Score
0.002
Published
2024-06-06