Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
SysAid “Service Desk” can be instrumented to gain access to the underlying database, which usually means accessing the MSSQL server with the Administrator account (‘sa’).
Details about vulnerability
The “dir” parameter while posting to “/EndUserActions.jsp” is prone to a blind SQL injection.
SysAid “Service Desk” cloud versions prior to 15.1.70 are affected by this vulnerability. SysAid “Service Desk” on-premise versions prior to 15.2 are affected by this vulnerability.
SysAid “Service Desk” cloud version 15.1.70 includes a fix for this specific vulnerability, according to the vendor. SysAid “Service Desk” on-premise version 15.2 includes a fix for this specific vulnerability, according to the vendor.
CIRCL would like to thank the reporter (Adrien Jolibert, Excellium Services S.A.).
Classification of this document
TLP:WHITE information may be distributed without restriction, subject to copyright controls.
- Version 1.0 - TLP:WHITE - First version (20150626)