Sysaid System Takeover: Authentication Bypass via /wmiwizard.jsp and /ConcurrentLogin.jsp

Sysaid System Takeover: Authentication Bypass via /wmiwizard.jsp and /ConcurrentLogin.jsp

CVE-2022-22796 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication.

Learn more about our Web Application Penetration Testing UK.