 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.106005 |
| Category: | Web application abuses |
| Title: | SysAid < 15.2 Multiple Vulnerabilities |
| Summary: | SysAid Help Desktop Software is prone to multiple; vulnerabilities |
| Description: | Summary: SysAid Help Desktop Software is prone to multiple vulnerabilities Vulnerability Insight: - CVE-2015-2993: SysAid Help Desktop Software does not properly restrict access to certain functionality. An attacker can create administrators accounts via crafted requests to /createnewaccount or write arbitrary files via the fileName parameter to /userentry. - CVE-2015-2994: A vulnerability exists in the ChangePhoto.jsp in the administrator portal, which does not handle correctly directory traversal sequences and does not enforce file extension restrictions. - CVE-2015-2998: SysAid Help Desktop Software uses a hard-coded encryption key. - CVE-2015-2999: A SQL injection vulnerability exists in genericreport, HelpDesk.jsp and RFCGantt.jsp. - CVE-2015-3000: An XML entity expansion vulnerability exists. - CVE-2015-3001: When installing SysAid on Windows with built in SQL-Server Express, the installer sets the sa user password to a pre-defined hard-coded password. Vulnerability Impact: - An unauthenticated attacker can get full administrative access to the application or overwrite arbitrary files. - An authenticated attacker may upload arbitrary files which could lead to remote code execution. - A malicious user can decrypt e.g. the database password stored in serverConf.xml. - A user with administrative rights can perform a SQL injection attack to read and modify the database. - A unauthenticated attacker can create a Denial of Service condition for 10+ seconds. Repeating this will slow down the server extensively. - An attacker can gain administrative access to the built-in SQL Server Express. Affected Software/OS: SysAid Help Desktop version 15.1.x and before. Solution: Update to version 15.2 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-2993 BugTraq ID: 75038 http://www.securityfocus.com/bid/75038 Bugtraq: 20150603 [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc) (Google Search) http://www.securityfocus.com/archive/1/535679/100/0/threaded http://seclists.org/fulldisclosure/2015/Jun/8 http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html Common Vulnerability Exposure (CVE) ID: CVE-2015-2994 Common Vulnerability Exposure (CVE) ID: CVE-2015-2998 BugTraq ID: 75035 http://www.securityfocus.com/bid/75035 Common Vulnerability Exposure (CVE) ID: CVE-2015-2999 Common Vulnerability Exposure (CVE) ID: CVE-2015-3000 Common Vulnerability Exposure (CVE) ID: CVE-2015-3001 |
| Copyright | Copyright (C) 2015 Greenbone Networks GmbH |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |