DIVD-2024-00045 - SysAid ITSM SQL Injection vulnerability
| Our reference | DIVD-2024-00045 |
| Case lead | Max van der Horst |
| Researcher(s) | |
| CVE(s) | |
| Products |
|
| Versions |
|
| Recommendation | Please update your SysAid instance as soon as possible. |
| Patch status | Released |
| Status | Open |
| Last modified | 03 Nov 2024 21:50 CET |
Summary
DIVD has taken notice of active exploitation surrounding SysAid ITSM instances that are vulnerable to CVE-2024-36393. The vulnerability, which is an SQL Injection, was found in May 2024 and can lead to unauthorized actors gaining access to your organization’s ITSM system.
Recommendation
We advise you to update your instance as soon as possible to the minimum version of 23.3.38, preferably to the latest version.
What We Are Doing
DIVD is currently working to identify and notify vulnerable parties. We do this by finding SysAid instances connected to the internet and verifying if the device is running the vulnerable software versions. If this is the case, notifications will be sent to the responsible entities.
Timeline
| Date | Description |
|---|---|
| 30 Oct 2024 | DIVD receives threat intelligence related to exploit activity around SysAid instances vulnerable to CVE-2024-36393. |
| 30 Oct 2024 | Fingerprint for the vulnerability has been found. |
| 30 Oct 2024 | Initial scan for vulnerable hosts. |
| 30 Oct 2024 | DIVD begins notifying owners of vulnerable systems. |
gantt
title DIVD-2024-00045 - SysAid ITSM SQL Injection vulnerability
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
section Case
DIVD-2024-00045 - SysAid ITSM SQL Injection vulnerability (still open) :2024-10-30, 2024-11-28
section Events
DIVD receives threat intelligence related to exploit activity around SysAid instances vulnerable to CVE-2024-36393. : milestone, 2024-10-30, 0d
Fingerprint for the vulnerability has been found. : milestone, 2024-10-30, 0d
Initial scan for vulnerable hosts. : milestone, 2024-10-30, 0d
DIVD begins notifying owners of vulnerable systems. : milestone, 2024-10-30, 0d