CVE-2023-47246

CriticalKnown ExploitedRansomware

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat…

mitre·CWE-22·Published 2023-11-10

CVSS

9.8

EPSS

0.99

KEV

Yes

Exploits

cve.orgen

189 chars

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.

NVDen

189 chars

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.

En SysAid On-Premise anterior al 23.3.36, una vulnerabilidad de path traversal conduce a la ejecución de código después de que un atacante escribe un archivo en la raíz web de Tomcat, tal como se explotó en noviembre de 2023.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H