SysAid Unauthenticated File Upload Vulnerability

Published: 2015-06-11 03:02:43
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Detection Type:
remote_active

Solution Type:
Vendor Patch

Summary:
SysAid Help Desktop Software is prone to a unauthenticated file upload vulnerability

Detection Method:
Determine if the vulnerable service is reachable and then check the version.

Technical Details:
The vulnerability exists in the RdsLogsEntry servlet which accepts unauthenticated file uploads and handles zip file contents in a insecure way. Note that this will only work if the target is running Java 6 or 7 up to 7u25, as Java 7u40 and above introduce a protection against null byte injection in file names.

Impact:
An unauthenticated attacker can upload arbitrary files which could lead to remote code execution.

Affected Versions:
SysAid Help Desktop version 15.1.x and before.

Recommendations:
Upgrade to version 15.2 or later.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2015-2995

References:

https://www.security-database.com/detail.php?alert=CVE-2015-2995

Search
Severity
Medium
CVSS Score
6.8

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.