|CERT-In Vulnerability Note
SysAid On-Premise Software Path Traversal Vulnerability
Original Issue Date:November 10, 2023
Severity Rating: HIGH
- SysAid versions prior 23.3.6
A Path traversal vulnerability has been reported in SysAid on-premise software which could allow a remote attacker to execute arbitrary code on the targeted system.
This vulnerability exists in SysAid on-premise software due to improper archive file validation error when processing directory traversal sequences. A remote attacker could exploit this vulnerability by using a specially crafted archive file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the targeted system.
Note: It is reported that the vulnerability is being actively exploited to deploy ransomware. Users are advised to apply patches urgently.
Apply appropriate remediation/fixes issued by the vendor:
The information provided herein is on "as is" basis, without warranty of any kind.
Email: email@example.com Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003