Sysaid On Premises
CVE-2023-32226
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Sysaid - CWE-552: Files or Directories Accessible to External Parties -
Authenticated users may exfiltrate files from the server via an unspecified method.
AnalysisAI
Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-552. Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method. Affected products include: Sysaid Sysaid On-Premises.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Sysaid On Premises
View allSysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter. Rated medium severity (CVSS 6.1),
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may
Same technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today