Sysaid On Premises
By the Year
In 2026 there have been 0 vulnerabilities in Sysaid On Premises. Last year, in 2025, Sysaid On Premises had 3 security vulnerabilities published. Right now, Sysaid On Premises is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 3 | 9.30 |
| 2024 | 0 | 0.00 |
| 2023 | 3 | 7.83 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 6.10 |
It may take a day or so for new Sysaid On Premises vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Sysaid On Premises Security Vulnerabilities
SysAid On-Prem XXE (<=23.3.40) Enables Admin Takeover
CVE-2025-2777
9.3 - Critical
- May 07, 2025
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives.
XXE
SysAid On-Prem <=23.3.40 XXE in Checkin allows admin takeover
CVE-2025-2775
9.3 - Critical
- May 07, 2025
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives.
XXE
SysAid On-Prem <=23.3.40 Vulnerable to Unauth XXE (CVE-2025-2776)
CVE-2025-2776
9.3 - Critical
- May 07, 2025
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives.
XXE
SysAid On-Premise <=23.3.35 Path Traversal to Code Exec (Tomcat Webroot)
CVE-2023-47246
9.8 - Critical
- November 10, 2023
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Directory traversal
Sysaid Authenticated File Exfiltration via CWE-552
CVE-2023-32226
6.5 - Medium
- July 30, 2023
Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method.
Files or Directories Accessible to External Parties
Unrestricted File Upload in Sysaid (CVE-2023-32225)
CVE-2023-32225
7.2 - High
- July 30, 2023
Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.
Unrestricted File Upload
SysAid 20.1.11b26 allows reflected XSS
CVE-2020-13168
6.1 - Medium
- October 02, 2020
SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter.
XSS