Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control
Vulnerability Description
Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp after that he will receive an error message with a login button, by clicking on it, he will connect to the system dashboard. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the system.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Vulnerability Type
N/A
Vulnerability Title
Sysaid Technologies SysAid 安全漏洞
Vulnerability Description
Sysaid Technologies SysAid是以色列Sysaid Technologies公司的一套IT服务管理解决方案。 Sysaid Technologies Sysaid 存在安全漏洞,该漏洞源于错误的访问控制。攻击者利用该漏洞可以接收服务器详细信息、用户名、工作站等敏感数据,还可以执行上传文件、从系统中删除调用等操作。
CVSS Information
N/A
Vulnerability Type
N/A