-
Notifications
You must be signed in to change notification settings - Fork 47
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #864 from DIVD-NL/2024-00045
Casefile case 45
- Loading branch information
Showing
1 changed file
with
46 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| layout: case | ||
| title: "SysAid ITSM SQL Injection vulnerability" | ||
| author: Max van der Horst | ||
| lead: Max van der Horst | ||
| excerpt: "In May 2024, a SQL Injection vulnerability has been discovered in SysAid ITSM that has been reported to be actively exploited as recent as October 2024. Exploitation can result in unauthorized access to your ITSM system." | ||
| researchers: | ||
| - Max van der Horst | ||
| cves: | ||
| - CVE-2024-36393 | ||
| product: | ||
| - SysAid ITSM | ||
| versions: | ||
| - 23.3.37 and earlier | ||
| recommendation: "Please update your SysAid instance as soon as possible." | ||
| patch_status: Released | ||
| status: Open | ||
| start: 30-10-2024 | ||
| end: | ||
| timeline: | ||
| - start: 30-10-2024 | ||
| end: | ||
| event: "DIVD receives threat intelligence related to exploit activity around SysAid instances vulnerable to CVE-2024-36393." | ||
| - start: 30-10-2024 | ||
| end: | ||
| event: "Fingerprint for the vulnerability has been found." | ||
| - start: 30-10-2024 | ||
| end: | ||
| event: "Initial scan for vulnerable hosts." | ||
| - start: 30-10-2024 | ||
| end: | ||
| event: "DIVD begins notifying owners of vulnerable systems." | ||
|
|
||
| ## Summary | ||
| DIVD has taken notice of active exploitation surrounding SysAid ITSM instances that are vulnerable to CVE-2024-36393. The vulnerability, which is an SQL Injection, was found in May 2024 and can lead to unauthorized actors gaining access to your organization's ITSM system. | ||
|
|
||
| ## Recommendation | ||
| We advise you to update your instance as soon as possible to the minimum version of 23.3.38, preferably to the latest version. | ||
|
|
||
| ## What We Are Doing | ||
| DIVD is currently working to identify and notify vulnerable parties. We do this by finding SysAid instances connected to the internet and verifying if the device is running the vulnerable software versions. If this is the case, notifications will be sent to the responsible entities. | ||
|
|
||
| ## More Information | ||
| * [SysAid Product Update](https://documentation.sysaid.com/docs/23338) | ||
| * {% cve CVE-2024-36393 %} | ||
|
|
||
| {% include timeline.html %} |