PT-2022-15685 · Sysaid · Sysaid

Published 2022-01-11 · Updated 2022-05-23 · CVE-2022-22796

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Sysaid (affected versions not specified)

Description
The issue allows an attacker to bypass the authentication process. This can be achieved by accessing the "/wmiwizard.jsp" API endpoint, then navigating to the "/ConcurrentLogin.jsp" endpoint and clicking the login button, which redirects to the "/home.jsp" endpoint without requiring any authentication.

Recommendations
As a temporary workaround, consider restricting access to the "/wmiwizard.jsp", "/ConcurrentLogin.jsp", and "/home.jsp" API endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
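
While access to these endpoints is being restricted, web access logs can be reviewed for the request order given in the description. The following detection sketch is an added example, not part of the advisory or of any vendor tooling. It assumes Common/Combined Log Format lines (for example from a reverse proxy in front of the application), uses the client IP as the correlation key, and uses a 5-minute window; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Endpoint order taken from the advisory description.
CHAIN = ["/wmiwizard.jsp", "/concurrentlogin.jsp", "/home.jsp"]
WINDOW = timedelta(minutes=5)  # assumption: tune for your environment

# Assumption: Common/Combined Log Format access log lines.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')

# Constructed sample input (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jan/2022:10:00:01 +0000] "GET /wmiwizard.jsp HTTP/1.1" 200 512
198.51.100.7 - - [12/Jan/2022:10:00:05 +0000] "GET /home.jsp HTTP/1.1" 302 0
192.0.2.10 - - [12/Jan/2022:10:00:09 +0000] "GET /ConcurrentLogin.jsp HTTP/1.1" 200 900
192.0.2.10 - - [12/Jan/2022:10:00:15 +0000] "GET /home.jsp?x=1 HTTP/1.1" 200 4096
"""

def find_chains(lines):
    """Return (client_ip, first_ts, last_ts) for every client that requested
    the three endpoints in the advisory's order within WINDOW."""
    progress = defaultdict(list)  # ip -> timestamps of chain steps seen so far
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Drop query string and ;jsessionid-style path parameters.
        path = m["path"].split("?", 1)[0].split(";", 1)[0].lower()
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        steps = progress[m["ip"]]
        if steps and ts - steps[0] > WINDOW:
            steps.clear()                      # stale partial chain
        if path.endswith(CHAIN[len(steps)]):
            steps.append(ts)                   # next expected step
        elif path.endswith(CHAIN[0]):
            steps[:] = [ts]                    # chain restarted
        if len(steps) == len(CHAIN):
            hits.append((m["ip"], steps[0], steps[-1]))
            steps.clear()
    return hits

if __name__ == "__main__":
    for ip, first, last in find_chains(SAMPLE_LOG.splitlines()):
        print(f"review {ip}: chain completed {first} -> {last}")
```

A hit is a triage lead rather than proof of compromise; correlate it with application session and audit records for the same client and time range.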

Improper Authentication

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-08591
CVE-2022-22796

Affected Products

Sysaid