Sysaid On Premises
Approved changes feed: RSS · Atom
cpe:2.3:a:sysaid:sysaid_on-premises:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Sysaid (becec6d9-22df-5777-a1b0-a5b1c5466ab6) |
|---|---|
| Product | Sysaid On Premises (122e5221-d9a4-50cd-94ea-58b6bcd66355) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-2777 |
vulnerable | 2026-06-08 07:16:58.231212 |
SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection
CRITICAL (9.3)
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.
Published: 2025-05-07T14:53:00.712Z
Updated: 2026-02-26T18:28:50.535Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-2776 |
vulnerable | 2026-06-08 07:16:58.230438 |
SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection
CRITICAL (9.3)
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
Published: 2025-05-07T14:50:40.717Z
Updated: 2025-11-19T18:33:05.781Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-2775 |
vulnerable | 2026-06-08 07:16:58.224686 |
SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection
CRITICAL (9.3)
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
Published: 2025-05-07T14:43:23.817Z
Updated: 2025-11-19T18:33:18.279Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-47246 |
vulnerable | 2026-06-08 06:14:24.537218 |
Details available
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Published: 2023-11-10T00:00:00.000Z
Updated: 2025-10-21T23:05:32.811Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32226 |
vulnerable | 2026-06-08 06:04:45.187059 |
Sysaid - CWE-552: Files or Directories Accessible to External Parties
HIGH (8.3)
Sysaid - CWE-552: Files or Directories Accessible to External Parties -
Authenticated users may exfiltrate files from the server via an unspecified method.
Published: 2023-07-30T07:53:21.574Z
Updated: 2024-10-11T14:07:55.756Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-32225 |
vulnerable | 2026-06-08 06:04:45.186560 |
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type
CRITICAL (9.8)
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type -
A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.
Published: 2023-07-30T07:16:24.730Z
Updated: 2024-10-21T17:53:17.063Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.