Headline

CVE-2023-47246: On-Premise Security Enhancements 2023 - 2023

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.

11 months ago

CVE

Open in Source

#vulnerability #web #pdf

On-Premise Security Enhancements 2023

09 Nov 2023
1 Minute to read
Print
Share
Dark

Light
PDF

Contents

Updated on 09 Nov 2023
1 Minute to read
Print
Share
Dark

Light
PDF

Article Summary

Share feedback

Thanks for sharing your feedback!

CVE #

Description

Version

921

CVE-2023-47246

Additional important security enhancements

23.3.36

871

Important security fixes

23.3.35

23856

“Login Failure” message always identical to Username

23.2.14

Was this article helpful?

What’s Next

22.4.45

Table of contents

The threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft. Lace Tempest, which is known for distributing the Cl0p ransomware, has in the past leveraged zero-day flaws in MOVEit Transfer and PaperCut servers. The issue, tracked as CVE-2023-47246, concerns a path traversal

11 months ago

The Hacker News

Open in Source

#vulnerability #web #microsoft #git #backdoor #auth #zero_day #The Hacker News

Update now! SysAid vulnerability is actively being exploited by ransomware affiliate

A SysAid vulnerability is actively being exploited by a ransomware affiliate.

11 months ago

Malwarebytes

Open in Source

#vulnerability #web #microsoft #apache #auth #zero_day