CVE-2021-43972

Published: Jan 11, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body.

Affected (1)

Products: Sysaid: Sysaid

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sysaid Sysaid	Version 20.4.74 b10

References (6)

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md

Source: cve@mitre.org

Broken Link

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md

Source: cve@mitre.org

PatchThird Party Advisory

https://www.sysaid.com/it-service-management-software/incident-management

Source: cve@mitre.org

Product

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.sysaid.com/it-service-management-software/incident-management

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.