Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-36394

9.8CRITICAL

Key Information:

Vendor: Sysaid
Status: Sysaid
Vendor: CVE Published:; 6 June 2024

Summary

A vulnerability exists within SysAid that allows for OS command injection due to improper neutralization of special elements. This weakness can be exploited by attackers to run arbitrary commands on the operating system, potentially leading to unauthorized access and control over the affected environment. Organizations using SysAid are advised to assess their current versions and apply necessary security updates to mitigate this significant risk.

Affected Version(s)

SysAid All versions <= 23.3.38

References

https://www.gov.il/en/Departments/faq/cve_advisories

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 6, 2024
Vulnerability Reserved
May 27, 2024

Credit

Niv Levy, Daniel Shemesh, Or Ida - CyberArk