CVE-2023-47246
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Nov 10, 2023
Updated: Dec 20, 2024
CWE ID 22
Summary
CVE-2023-47246 is a newly disclosed vulnerability that impacts SysAid On-Premise versions prior to 23.3.36. This issue allows an attacker to execute arbitrary code by exploiting a path traversal vulnerability in the Tomcat webroot. By writing a malicious file, an adversary can manipulate the system to run unintended commands, posing a significant risk to the affected organization's security. This vulnerability was actively exploited in November 2023, underscoring the urgency for affected organizations to apply the available patch.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- SysAid IT
Affected Vendors
- SysAid