CVE-2023-47246

CRITICAL

KEV

Ransomware

Exploit

설명

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.

Score Summary

CVSS Score: 9.8
Version: 3.1
Risk Score: 9.90
Attack Vector: 네트워크 공격
낮은 복잡도
권한 불필요
사용자 상호작용 불필요
범위 변경 없음
기밀성 영향 높음
무결성 영향 높음
가용성 영향 높음

Details

Published: 11/10/2023(3 years ago)
Modified: 10/31/2025(7 months ago)
Source: KEV, NVD
Products: 1

CISA KEV Listing

Ransomware

Vendor / Project: SysAid
Product: SysAid Server

Date Added: 11/13/2023
Due Date: 12/04/2023Overdue 896d

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Vulnerability Lifecycle

NVDPublished11/10/2023
CISA KEVKEV Listed11/13/2023
CISA KEV

CWE Weakness Classification

CWE-22
NVD
Secondary

References (4)

NVD
https://documentation.sysaid.com/docs/latest-version-installation-files
NVD
Advisory
https://documentation.sysaid.com/docs/on-premise-security-enhancements-2023
NVD
Exploit

Affected Products (1)

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.

StatusAnalyzed

Due Date

12/04/2023

NVDLast Modified10/31/2025

https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification

NVD

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-47246

목록으로

Dashboard

Vulnerabilities