CVE number – CVE-2023-47246
This path traversal vulnerability could allow an attacker to perform code execution within the SysAid on-prem software.
This vulnerability is known to be exploited in the wild. The threat actor group DEV-0950 (Lace Tempest) has also been observed exploiting this vulnerability.
Update SysAid on-prem server installations to version 23.3.36, which remediates the identified vulnerability.
For further information please visit – https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional, with an interest in computer security and telecoms.