Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Dec 4, 2023

CVE-2023-47246

High
EPSS 94.3%CISA KEVRansomware
SysAid/SysAid Server

Description

SysAid Server (on-premises version) contains a path traversal vulnerability that leads to code execution.

EPSS — Exploit Probability

94.3%

Higher than 100.0% of all CVEs

Required Action

https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification; https://nvd.nist.gov/vuln/detail/CVE-2023-47246

Risk Assessment

CRITICAL
In CISA KEV
High EPSS
Ransomware

Details

Severity
High
EPSS
94.3%
CISA KEV
Yes
Ransomware
Known
Articles
0

Timeline

Published

Nov 13, 2023

Added to KEV

Nov 13, 2023

Remediation Due

Dec 4, 2023

Affected Product

SysAid

SysAid Server

View all SysAid CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE