Svi
Pretraži prema proizvođaču
Pretraži prema CWE oznaci
O usluzi
Pretplate
Jezik
hr
en
CVE-2023-47246 - CERT CVE
CVE-2023-47246
ID
CVE-2023-47246
Sažetak
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Reference
https://documentation.sysaid.com/docs/latest-version-installation-files
https://documentation.sysaid.com/docs/on-premise-security-enhancements-2023
https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
https://documentation.sysaid.com/docs/latest-version-installation-files
https://documentation.sysaid.com/docs/on-premise-security-enhancements-2023
https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-47246
CVSS
Base:
9.8
Impact:
5.9
Exploitability:
3.9
Pristup
Vektor
Složenost
Autentikacija
NETWORK
LOW
NONE
Impact
Povjerljivost
Cjelovitost
Dostupnost
HIGH
HIGH
HIGH
CVSS vektor
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Zadnje važnije ažuriranje
31-10-2025 - 14:38
Objavljeno
10-11-2023 - 06:15
