Vulnerability Database

296,336

Total vulnerabilities in the database

CVE-2023-33706

SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.

  • Published: Nov 24, 2023
  • Updated: Dec 1, 2023
  • CVE: CVE-2023-33706
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
sysaid / sysaid - 23.2.50
sysaid / sysaid - 23.2.15