GCVE - cpe:2.3:a:sysaid:sysaid:20.4.74:b10:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:sysaid:sysaid:20.4.74:b10:*:*:*:*:*:*

part: a version: 20.4.74 update: b10

Vendor	Sysaid (`becec6d9-22df-5777-a1b0-a5b1c5466ab6`)
Product	Sysaid (`3bbe567a-2790-5c11-ad33-b3b92507d6e3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-43973`	vulnerable	2026-06-08 05:36:44.667581	Details available An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file. Published: 2022-01-11T19:20:43.000Z Updated: 2024-08-04T04:10:17.149Z Open on db.gcve.eu Reference links https://www.sysaid.com/it-service-management-software/incident-management https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-43972`	vulnerable	2026-06-08 05:36:44.667032	Details available An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body. Published: 2022-01-11T19:19:23.000Z Updated: 2024-08-04T04:10:17.159Z Open on db.gcve.eu Reference links https://www.sysaid.com/it-service-management-software/incident-management https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-43971`	vulnerable	2026-06-08 05:36:44.666485	Details available A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter. Published: 2022-01-11T19:17:47.000Z Updated: 2024-08-04T04:10:17.124Z Open on db.gcve.eu Reference links https://www.sysaid.com/it-service-management-software/incident-management https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.