Web application abuses : SysAid Path < 15.2 Directory Traversal Vulnerability

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.106007

Category: Web application abuses

Title: SysAid Path < 15.2 Directory Traversal Vulnerability

Summary: SysAid Help Desktop Software is prone to a path traversal vulnerability

Description: Summary:
SysAid Help Desktop Software is prone to a path traversal vulnerability

Vulnerability Insight:
The vulnerability allows unauthenticated attackers to download
arbitrary files through path traversal.

Vulnerability Impact:
An unauthenticated attacker can obtain potentially sensitive information.

Affected Software/OS:
SysAid Help Desktop version 15.1.x and before.

Solution:
Update to version 15.2 or later.

CVSS Score:
8.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-2996
BugTraq ID: 75038
http://www.securityfocus.com/bid/75038
Bugtraq: 20150603 [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc) (Google Search)
http://www.securityfocus.com/archive/1/535679/100/0/threaded
http://seclists.org/fulldisclosure/2015/Jun/8
http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html

Copyright Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.106007
Category:	Web application abuses
Title:	SysAid Path < 15.2 Directory Traversal Vulnerability
Summary:	SysAid Help Desktop Software is prone to a path traversal vulnerability
Description:	Summary: SysAid Help Desktop Software is prone to a path traversal vulnerability Vulnerability Insight: The vulnerability allows unauthenticated attackers to download arbitrary files through path traversal. Vulnerability Impact: An unauthenticated attacker can obtain potentially sensitive information. Affected Software/OS: SysAid Help Desktop version 15.1.x and before. Solution: Update to version 15.2 or later. CVSS Score: 8.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2996 BugTraq ID: 75038 http://www.securityfocus.com/bid/75038 Bugtraq: 20150603 [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc) (Google Search) http://www.securityfocus.com/archive/1/535679/100/0/threaded http://seclists.org/fulldisclosure/2015/Jun/8 http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html
Copyright	Copyright (C) 2015 Greenbone Networks GmbH