SysAid on-premises software has a path traversal vulnerability [CVE-2023-47246] that can lead to remote code execution (RCE). It allows attackers to bypass credentials. As an IT ticket management system, it can contain crucial information about internal architecture and practices.
What To Do
- Use Vulnerability Detection to search for Confirmed Exposure to CVE-2023-47246.
- Use Bitsight for 4th party risk to search for SysAid as a product and a service provider.
- Conduct analysis to look for evidence of compromise and then patch immediately. Upgrade instructions are provided in the SysAid documentation.
Resources
- NVD, “CVE-2023-47246 Detail”
- SysAid Blog, “SysAid On-Prem Software CVE-2023-47246 Vulnerability”
- SysAid, “SysAid Upgrade Guide”
November 16, 2023: Published.