DIVD-2024-00045 - SysAid ITSM SQL Injection vulnerability
Our reference | DIVD-2024-00045 |
Case lead | Max van der Horst |
Researcher(s) | |
CVE(s) | |
Products |
|
Versions |
|
Recommendation | Please update your SysAid instance as soon as possible. |
Patch status | Released |
Status | Open |
Last modified | 20 Nov 2024 19:09 CET |
Summary
DIVD has taken notice of active exploitation surrounding SysAid ITSM instances that are vulnerable to CVE-2024-36393. The vulnerability, which is an SQL Injection, was found in March 2024 and can lead to unauthorized actors gaining access to your organization’s ITSM system.
Recommendation
We advise you to update your instance as soon as possible to the minimum version of 23.3.38, preferably to the latest version.
What We Are Doing
DIVD is currently working to identify and notify vulnerable parties. We do this by finding SysAid instances connected to the internet and verifying if the device is running the vulnerable software versions. If this is the case, notifications will be sent to the responsible entities.
Timeline
Date | Description |
---|---|
30 Oct 2024 | DIVD receives threat intelligence related to exploit activity around SysAid instances vulnerable to CVE-2024-36393. |
30 Oct 2024 | Fingerprint for the vulnerability has been found. |
30 Oct 2024 | Initial scan for vulnerable hosts. |
30 Oct 2024 | DIVD begins notifying owners of vulnerable systems. |