Lucene search

[email protected]NVD:CVE-2021-43972

HistoryJan 11, 2022 - 8:15 p.m.

CVE-2021-43972

2022-01-1120:15:07

[email protected]

web.nvd.nist.gov

file copy vulnerability

sysaid itil

remote attacker

http post

server filesystem

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:C/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

43.7%

JSON

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body.

Affected configurations

Nvd

Node

sysaidsysaidMatch20.4.74b10

References

github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md

github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md

www.sysaid.com/it-service-management-software/incident-management

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:C/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

43.7%

JSON

Related for NVD:CVE-2021-43972

cnvd1 prion1 cvelist1 cve1