Indirect Object Reference (IDOR) Vulnerability in SysAid Allows Unauthorized Access to Ticket Data

Indirect Object Reference (IDOR) Vulnerability in SysAid Allows Unauthorized Access to Ticket Data

CVE-2023-33706 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.

Learn more about our Web Application Penetration Testing UK.