Publication Date – November 16, 2023
SysAid on-premises software has a path traversal vulnerability (CVE-2023-47246) that can lead to remote code execution (RCE). The vulnerability allows attackers to bypass credentials. Because SysAid is an IT ticket management system, it can contain crucial information about internal architecture and practices.
What To Do
- Use Vulnerability Detection to search for Confirmed Exposure to CVE-2023-47246.
- Use Bitsight for 4th party risk to search for SysAid as a product and a service provider.
- Conduct analysis to look for evidence of compromise and then patch immediately. Upgrade instructions are provided in the SysAid documentation.