Vulnerability Details : CVE-2021-43972
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body.
Products affected by CVE-2021-43972
- cpe:2.3:a:sysaid:sysaid:20.4.74:b10:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-43972
- 0.10%: probability of exploitation activity in the next 30 days
- ~ 44%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-43972
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:C/A:N | 8.0 | 6.9 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 | NIST | |
References for CVE-2021-43972
- https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md
  advisories/ATREDIS-2022-0001.md at master · atredispartners/advisories · GitHub (Patch; Third Party Advisory)
- https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md
  Page not found · GitHub (Broken Link)
- https://www.sysaid.com/it-service-management-software/incident-management
  ITIL Incident Management Software | SysAid (Product)