CVE-2021-43974: CVE-2021-43974

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-43974

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous user registration only hides the client-side registration form. An attacker can still post registration data to create new accounts without prior authentication.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Sysaid Technologies SysAid 访问控制错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Sysaid Technologies SysAid是以色列SysAid Technologies（Sysaid Technologies）公司的一套IT服务管理解决方案。 Sysaid Technologies SysAid ITIL存在安全漏洞，该漏洞源于在SysAid ITIL 20.4.74 b10中发现一个问题。enduserreg端点用于匿名注册最终用户，但不尊重服务器端设置(该设置决定是否允许匿名用户注册新帐户)。将服务器端设置配置为禁用匿名用户注册只会隐藏客户端注册表单。攻击者可利用该漏洞

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2021-43974

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-43974

Please Login to view more intelligence information

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.mdx_refsource_MISC
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.mdx_refsource_MISC
https://www.sysaid.com/it-service-management-software/incident-managementx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2021-43974

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2021-43974

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-43974

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-43974

III. Intelligence Information for CVE-2021-43974

IV. Related Vulnerabilities

V. Comments for CVE-2021-43974

Leave a comment