CVE-2020-10569

Опубликовано: 21 апр. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate of CVE-2020-1938

Ссылки

http://packetstormsecurity.com/files/157314/Sysaid-20.1.11-b26-Remote-Command-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://www.sysaid.com/product/on-premise/20-2/release-notes
Release Notes
Vendor Advisory
http://packetstormsecurity.com/files/157314/Sysaid-20.1.11-b26-Remote-Command-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://www.sysaid.com/product/on-premise/20-2/release-notes
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sysaid:on-premise:20.1.11:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.02051

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-66pv-97pv-f4qx