PT-2020-12210 · Sysaid · Sysaid On-Premise
Published 2020-04-21 · Updated 2024-08-04 · CVE-2020-10569
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
SysAid On-Premise version 20.1.11
Description
The issue allows unauthenticated users to upload files. Chained with a GhostCat attack, this can be used to execute commands on the system. The chain is possible because the AJP protocol port is enabled by default, which leaves the installation exposed to GhostCat.
Recommendations
For SysAid On-Premise version 20.1.11, disable the AJP protocol port to prevent GhostCat attacks, and restrict unauthenticated access to file uploads to reduce the risk of command execution on the system.
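The recommendation above amounts to a change in the servlet container's connector configuration. The following excerpt is an added example, not taken from the advisory or from SysAid; it assumes that SysAid On-Premise runs on Apache Tomcat and that the AJP connector is declared in Tomcat's conf/server.xml (the file path, port numbers and secret value are assumptions). It shows the weak default connector beside the two hardened forms: removing the connector entirely, which is what the advisory recommends, or, where a local reverse proxy genuinely needs AJP, binding it to loopback and requiring a shared secret.

```xml
<!-- Excerpt of Apache Tomcat conf/server.xml (assumed location and container).
     Added example; not the advisory's or the vendor's own configuration. -->
<Service name="Catalina">

  <!-- Ordinary HTTP connector stays as it is. -->
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443"/>

  <!-- BEFORE (weak): the AJP connector enabled by default, bound to every interface,
       with no shared secret. Any host that can reach TCP/8009 can speak AJP to Tomcat
       directly, which is the exposure GhostCat relies on. Shown commented out here so
       that only one listener on 8009 is active in this file. -->
  <!--
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  -->

  <!-- AFTER, option A: AJP is not used (no fronting Apache httpd with mod_jk or
       mod_proxy_ajp), so the connector is removed. Commenting out or deleting the
       element above is the whole change; this is the advisory's recommendation. -->

  <!-- AFTER, option B: a reverse proxy on the same host genuinely needs AJP. Bind the
       connector to loopback only and require a shared secret (the secretRequired and
       secret attributes exist from Tomcat 8.5.51 / 9.0.31 onward). -->
  <Connector port="8009" protocol="AJP/1.3"
             address="127.0.0.1"
             secretRequired="true"
             secret="REPLACE-WITH-A-LONG-RANDOM-VALUE"
             redirectPort="8443"/>

</Service>
```

After restarting Tomcat, confirm the change took effect by listing listening sockets on the server (for example `ss -ltnp` on Linux): with option A nothing should be listening on 8009; with option B the listener should appear only on 127.0.0.1, and the reverse proxy must be configured with the same secret or its AJP requests will be rejected. Disabling AJP closes the GhostCat half of the chain only; the unauthenticated upload itself still needs to be restricted, as the recommendation states.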
Exploit
Fix
Weakness Enumeration
Unrestricted File Upload
Related Identifiers
Affected Products
Sysaid On-Premise