CVE-2022-22796 HIGH

CVE-2022-22796: Sysaid – Sysaid System Takeover

Vendor Sysaid
Product Sysaid
Published May 12, 2022
Last update September 17, 2024

CVSS base score

7.0/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication.

Key dates

02Disclosure timeline

May 12, 2022 CVE published
September 17, 2024 Record updated