CVE-2023-47246 Information

Description

In SysAid On-Premise before 23.3.36 a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot as exploited in the wild in November 2023.

Reference

https://documentation.sysaid.com/docs/on-premise-security-enhancements-2023 https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification https://documentation.sysaid.com/docs/latest-version-installation-files