CVE-2015-3001

Published: Jun 8, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.

Affected (1)

Products: Sysaid: Sysaid

Sysaid

1 product

Sysaid

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sysaid Sysaid	Up to 15.1

Related CWEs

CWE-255

References (10)

http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2015/Jun/8

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/535679/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/75035

Source: cve@mitre.org

https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk

Source: cve@mitre.org

Vendor Advisory

http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html