Sysaid - CWE-552: Files or Directories Accessible to External Parties
CVE-2023-32226

8.3 HIGH

Key Information:

Vendor: Sysaid
Status: Vendor
CVE Published: 30 July 2023

Summary

Authenticated users in Sysaid can exploit a weakness that permits unauthorized access to, and exfiltration of, files from the server. The vulnerability arises from inadequate restrictions on file access, which allow authenticated users to retrieve data that should remain private. The lack of proper security measures poses a risk of sensitive data being leaked, potentially impacting confidentiality and integrity.

Affected Version(s)

Sysaid: all versions < 23.2.14 b18

CVSS V3.1

Score: 8.3
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Niv Levy