CVE-2015-3001
SysAid Help Desk 14.4 - Multiple Vulnerabilities
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.
SysAid Help Desk anterior a 15.2 utiliza una contraseƱa embebida de Password1 para la cuenta de usuario sa SQL Server Express, lo que permite a usuarios remotos autenticados evadir las restricciones de acceso mediante el aprovechamiento de esta contraseƱa.
SysAid Help Desk version 14.4 suffers from code execution, denial of service, path disclosure, remote file upload, remote SQL injection, directory traversal, file download, and various other vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-04-07 CVE Reserved
- 2015-06-03 CVE Published
- 2015-06-10 First Exploit
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/535679/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/75035 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk | 2018-10-09 |