CVE-2022-22796

Summary

Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication.

Affected Software

VendorProductVersion RangeStatus
SysAidSysaid21.1.29 cloud version <= 21.1.29affected
SysAidSysaid21.4.44 on premise version <= 21.4.44affected

Weaknesses

  • System Take Over

ADP Enrichment

CVE Program Container

Additional References

References