CVE-2022-22798

Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp after that he will receive an error message with a login button, by clicking on it, he will connect to the system dashboard. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the system.

CVSS v3 8.8 HIGH
CVSS v2.0 9.0 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.gov.il/en/departments/faq/cve_advisories	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sysaid:sysaid:::::cloud:::*
	cpe:2.3:a:sysaid:sysaid:::::on-premises:::*

History

08 Aug 2023, 14:22

Type	Values Removed	Values Added
CWE	~~CWE-863~~	NVD-CWE-Other

23 May 2022, 18:52

Type	Values Removed	Values Added
References	~~(MISC) https://www.gov.il/en/departments/faq/cve_advisories -~~	(MISC) https://www.gov.il/en/departments/faq/cve_advisories - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 9.0 v3 : 8.8
First Time		Sysaid sysaid Sysaid
CWE		CWE-863
CPE		cpe:2.3:a:sysaid:sysaid:::::on-premises:::* cpe:2.3:a:sysaid:sysaid:::::cloud:::*

12 May 2022, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-05-12 20:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-22798

Mitre link : CVE-2022-22798

CVE.ORG link : CVE-2022-22798

JSON object : View

Products Affected

sysaid

sysaid

CWE

NVD-CWE-Other

{"id": "CVE-2022-22798", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cna@cyber.gov.il", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 1.3}]}, "published": "2022-05-12T20:15:14.977", "references": [{"url": "https://www.gov.il/en/departments/faq/cve_advisories", "tags": ["Third Party Advisory"], "source": "cna@cyber.gov.il"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Sysaid \u2013 Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp after that he will receive an error message with a login button, by clicking on it, he will connect to the system dashboard. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the system."}, {"lang": "es", "value": "Sysaid - Pro Plus Edition, SysAid Help Desk Broken Access Control versiones v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - Un atacante necesita iniciar sesi\u00f3n como invitado, despu\u00e9s de lo cual el sistema lo redirige al portal de servicios o EndUserPortal.JSP, luego necesita cambiar la ruta en la URL a /ConcurrentLogin%2ejsp, despu\u00e9s de lo cual recibir\u00e1 un mensaje de error con un bot\u00f3n de inicio de sesi\u00f3n, al hacer clic en \u00e9l, ser\u00e1 conectado al tablero del sistema. El atacante puede recibir datos confidenciales como detalles del servidor, nombres de usuario, estaciones de trabajo, etc. Tambi\u00e9n puede llevar a cabo acciones como la carga de archivos o la eliminaci\u00f3n de llamadas del sistema"}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sysaid:sysaid:*:*:*:*:cloud:*:*:*", "vulnerable": true, "matchCriteriaId": "A4097469-83BC-4F87-BF20-031FB8B04B9A", "versionEndExcluding": "21.1.50"}, {"criteria": "cpe:2.3:a:sysaid:sysaid:*:*:*:*:on-premises:*:*:*", "vulnerable": true, "matchCriteriaId": "2705AD15-BD6F-4F05-8826-894DA3428679", "versionEndExcluding": "22.1.64"}], "operator": "OR"}]}], "sourceIdentifier": "cna@cyber.gov.il"}