GCVE - cpe:2.3:a:sysaid:sysaid_on-prem:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:sysaid:sysaid_on-prem:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Sysaid (`becec6d9-22df-5777-a1b0-a5b1c5466ab6`)
Product	Sysaid On Prem (`ee649bca-0bfb-5088-bcbb-218c648f3c18`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-2777`	vulnerable	2026-06-08 07:16:58.231077	SysAid On-Prem <= 23.3.40 lshw Proceessing XML External Entity Injection CRITICAL (9.3) SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives. Published: 2025-05-07T14:53:00.712Z Updated: 2026-02-26T18:28:50.535Z Open on db.gcve.eu Reference links https://documentation.sysaid.com/docs/24-40-60 https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-2776`	vulnerable	2026-06-08 07:16:58.230363	SysAid On-Prem <= 23.3.40 serverurl Proceessing XML External Entity Injection CRITICAL (9.3) SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives. Published: 2025-05-07T14:50:40.717Z Updated: 2025-11-19T18:33:05.781Z Open on db.gcve.eu Reference links https://documentation.sysaid.com/docs/24-40-60 https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-2775`	vulnerable	2026-06-08 07:16:58.223753	SysAid On-Prem <= 23.3.40 Checkin Proceessing XML External Entity Injection CRITICAL (9.3) SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives. Published: 2025-05-07T14:43:23.817Z Updated: 2025-11-19T18:33:18.279Z Open on db.gcve.eu Reference links https://documentation.sysaid.com/docs/24-40-60 https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.