Vulnerabilidades em SysAid

15 resultados

CVE-2025-2777CRITICALSysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity InjectionEPSS 79.1%CVE-2025-2776CRITICALSysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity InjectionEPSS 73.0%KEV CVE-2025-2775CRITICALSysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity InjectionEPSS 55.2%KEV CVE-2022-22796HIGHSysaid – Sysaid System TakeoverEPSS 1.3%CVE-2024-36394CRITICALSysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')EPSS 1.1%CVE-2022-23166MEDIUMSysaid – Sysaid Local File Inclusion (LFI)EPSS 1.0%CVE-2022-23170MEDIUMSysAid - Okta SSO integrationEPSS 0.6%CVE-2024-27775HIGHSysAid - CWE-918: Server-Side Request Forgery (SSRF)EPSS 0.6%CVE-2022-22798MEDIUMSysaid – Pro Plus Edition, SysAid Help Desk Broken Access ControlEPSS 0.6%CVE-2023-32225CRITICAL Sysaid - CWE-434: Unrestricted Upload of File with Dangerous TypeEPSS 0.5%CVE-2022-22797MEDIUMSysaid – sysaid Open RedirectEPSS 0.5%CVE-2021-36721MEDIUMSysaid - Sysaid API User EnumerationEPSS 0.4%CVE-2023-32226HIGH Sysaid - CWE-552: Files or Directories Accessible to External PartiesEPSS 0.4%CVE-2024-36393CRITICALSysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')EPSS 0.4%CVE-2022-23165MEDIUMSysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS)EPSS 0.4%