Skip to main content

On Premise

3 CVEs product

Monthly

CVE-2022-25152 HIGH This Week

The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE On Premise Saas Service Desk
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2022-25151 HIGH This Week

Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS On Premise Saas Service Desk
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-10569 CRITICAL POC Act Now

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload On Premise
NVD
CVSS 3.1
9.8
EPSS
3.2%
EPSS 2% CVSS 8.8
HIGH This Week

The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE On Premise Saas Service Desk
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS On Premise Saas Service Desk
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload On Premise
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy