CVE-2022-22798 is a vulnerability in Sysaid
Published on May 12, 2022
Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control
Sysaid Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp after that he will receive an error message with a login button, by clicking on it, he will connect to the system dashboard. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the system.
Vulnerability Analysis
CVE-2022-22798 is exploitable with local system access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and a small impact on availability.
Products Associated with CVE-2022-22798
Want to know whenever a new CVE is published for Sysaid? stack.watch will email you.
Affected Versions
Sysaid:- Version 22.1.49 cloud version, <= 22.1.49 is affected.
- Version 22.1.63 on premise version, <= 22.1.63 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.