CVE-2021-43973

An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md	Broken Link
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md	Patch Third Party Advisory
https://www.sysaid.com/it-service-management-software/incident-management	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:sysaid:sysaid:20.4.74:b10:*:*:*:*:*:*

History

No history.

Information

Published : 2022-01-11 20:15

Updated : 2024-02-28 18:48

NVD link : CVE-2021-43973

Mitre link : CVE-2021-43973

CVE.ORG link : CVE-2021-43973

JSON object : View

Products Affected

sysaid

sysaid

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2021-43973", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-01-11T20:15:07.667", "references": [{"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.sysaid.com/it-service-management-software/incident-management", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body. A successful request returns the absolute, server-side filesystem path of the uploaded file."}, {"lang": "es", "value": "Una vulnerabilidad de carga de archivos sin restricciones en el archivo /UploadPsIcon.jsp en SysAid ITIL versi\u00f3n 20.4.74 b10, permite a un atacante remoto autenticado cargar un archivo arbitrario por medio del par\u00e1metro file en el cuerpo HTTP POST. Una petici\u00f3n con \u00e9xito devuelve la ruta absoluta del sistema de archivos del lado del servidor del archivo cargado"}], "lastModified": "2022-01-20T17:29:14.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sysaid:sysaid:20.4.74:b10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E42FC83-655D-4C66-8B6F-759B3C164D07"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}