CVE-2022-22797 – Sysaid – sysaid Open Redirect
https://notcve.org/view.php?id=CVE-2022-22797
Sysaid – sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from"GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Sysaid - sysaid Redireccionamiento Abierto - Un atacante puede cambiar el enlace de redireccionamiento en el parámetro "redirectURL" de la petición "GET" desde la ubicación de la url: /ComunidadSSORedirect.jsp? • https://www.gov.il/en/departments/faq/cve_advisories • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2022-22796 – Sysaid – Sysaid System Takeover
https://notcve.org/view.php?id=CVE-2022-22796
Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication. Sysaid - Sysaid Toma se Sistema - Un atacante puede omitir el proceso de autenticación accediendo a: /wmiwizard.jsp, Luego a: /ConcurrentLogin.jsp, luego haciendo clic en el botón de inicio de sesión, y le redirigirá a /home.jsp sin ninguna autenticación • https://www.gov.il/en/departments/faq/cve_advisories • CWE-287: Improper Authentication •
CVE-2021-43974
https://notcve.org/view.php?id=CVE-2021-43974
An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous user registration only hides the client-side registration form. An attacker can still post registration data to create new accounts without prior authentication. Se ha detectado un problema en SysAid ITIL versión 20.4.74 b10. • https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md https://www.sysaid.com/it-service-management-software/incident-management • CWE-306: Missing Authentication for Critical Function •
CVE-2021-43973
https://notcve.org/view.php?id=CVE-2021-43973
An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file. Una vulnerabilidad de carga de archivos sin restricciones en el archivo /UploadPsIcon.jsp en SysAid ITIL versión 20.4.74 b10, permite a un atacante remoto autenticado cargar un archivo arbitrario por medio del parámetro file en el cuerpo HTTP POST. Una petición con éxito devuelve la ruta absoluta del sistema de archivos del lado del servidor del archivo cargado • https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md https://www.sysaid.com/it-service-management-software/incident-management • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2021-43972
https://notcve.org/view.php?id=CVE-2021-43972
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body. Una vulnerabilidad de copia de archivos sin restricciones en el archivo /UserSelfServiceSettings.jsp en SysAid ITIL versión 20.4.74 b10, permite a un atacante remoto autenticado copiar archivos arbitrarios en el sistema de archivos del servidor al root de la web (con un nombre de archivo arbitrario) por medio de los parámetros tempFile y fileName en el cuerpo HTTP POST • https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md https://www.sysaid.com/it-service-management-software/incident-management •