Description

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.

PUBLISHED Reserved 2023-11-04 | Published 2023-11-10 | Updated 2025-10-21 | Assigner mitre

CISA Known Exploited Vulnerability

Date added 2023-11-13 | Due date 2023-12-04

Known Ransomware Campaign(s)  

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

documentation.sysaid.com/...emise-security-enhancements-2023

www.sysaid.com/...ftware-security-vulnerability-notification

documentation.sysaid.com/...atest-version-installation-files

cve.org (CVE-2023-47246)

nvd.nist.gov (CVE-2023-47246)