
DIVD-2024-00045 - SysAid ITSM SQL Injection vulnerability

Our reference DIVD-2024-00045
Case lead Max van der Horst
Researcher(s)
CVE(s)
Products
  • SysAid ITSM
Versions
  • 23.3.37 and earlier
Recommendation Please update your SysAid instance as soon as possible.
Patch status Released
Status Open
Last modified 20 Nov 2024 19:09 CET

Summary

DIVD has become aware of active exploitation of SysAid ITSM instances that are vulnerable to CVE-2024-36393. The vulnerability, an SQL injection, was found in March 2024 and can lead to unauthorized actors gaining access to your organization’s ITSM system.

Recommendation

We advise you to update your instance as soon as possible to at least version 23.3.38, and preferably to the latest version.

What We Are Doing

DIVD is currently working to identify and notify vulnerable parties. We do this by finding SysAid instances connected to the internet and verifying whether each one is running a vulnerable software version. If it is, a notification is sent to the responsible entity.

Timeline

Date Description
30 Oct 2024 DIVD receives threat intelligence related to exploit activity around SysAid instances vulnerable to CVE-2024-36393.
30 Oct 2024 Fingerprint for the vulnerability has been found.
30 Oct 2024 Initial scan for vulnerable hosts.
30 Oct 2024 DIVD begins notifying owners of vulnerable systems.

More information