CVE-2022-22796 is a vulnerability in Sysaid
Published on May 12, 2022

Sysaid – Sysaid System Takeover
Sysaid Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication.

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

LOW

Products Associated with CVE-2022-22796

Want to know whenever a new CVE is published for Sysaid? stack.watch will email you.

Sysaid

Affected Versions

Sysaid:

Version 21.1.29 cloud version, <= 21.1.29 is affected.

Sysaid:

Version 21.4.44 on premise version, <= 21.4.44 is affected.

Exploit Probability

EPSS

0.23%

Percentile

45.77%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2022-22796 is a vulnerability in SysaidPublished on May 12, 2022

Vulnerability Analysis

Products Associated with CVE-2022-22796

Affected Versions

Exploit Probability

CVE-2022-22796 is a vulnerability in Sysaid
Published on May 12, 2022