SQL Injection Vulnerability in SysAid by SysAid Technologies
CVE-2021-30486

8.8HIGH

Key Information:

Vendor: Sysaid
Status: Sysaid
Vendor: CVE Published:; 22 July 2021

What is CVE-2021-30486?

The SysAid platform version 20.3.64 b14 is susceptible to SQL injection attacks through various endpoints, specifically in AssetManagementChart.jsp and AssetManagementList.jsp. Attackers can exploit the GET and POST methods to manipulate database queries, potentially allowing unauthorized access to sensitive information. It is crucial for users of the affected product to implement security measures and keep their systems updated to mitigate the risk associated with this vulnerability.

References

https://eh337.net/2021/04/10/sysaid-ii/

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2021
Vulnerability Reserved
Apr 10, 2021

Sysaid

What is CVE-2021-30486?

References

CVSS V3.1

Timeline