Sysaid – Sysaid System Takeover
CVE-2022-22796

7HIGH

Key Information:

Vendor: Sysaid
Status: Sysaid
Vendor: CVE Published:; 12 May 2022

Summary

Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication.

Affected Version(s)

Sysaid cloud 21.1.29 cloud version <= 21.1.29

Sysaid on premise 21.4.44 on premise version <= 21.4.44

References

https://www.gov.il/en/departments/faq/cve_advisories

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 12, 2022
Vulnerability Reserved
Jan 7, 2022

Credit

Dudu Moyal, Gad Abuhatziera, Moriel Harush, Alon Zuker - Sophtix Security LTD