CVE-2022-22796
7
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
Summary
Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SysAid | Sysaid | 21.1.29 cloud version <= 21.1.29 | affected |
| SysAid | Sysaid | 21.4.44 on premise version <= 21.4.44 | affected |
Weaknesses
- System Take Over
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.