Skip to content

Commit

Permalink
Merge pull request #866 from DIVD-NL/fixing-case-45
Browse files Browse the repository at this point in the history
  • Loading branch information
@Maximand
Maximand authored Nov 3, 2024
2 parents 1fe5f37 + 1026f62 commit 4ba74d2
Showing 1 changed file with 26 additions and 19 deletions.
45 changes: 26 additions & 19 deletions _cases/2024/DIVD-2024-00045.md
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
layout: case
---
layout: case
title: "SysAid ITSM SQL Injection vulnerability"
author: Max van der Horst
lead: Max van der Horst
Expand All @@ -14,33 +15,39 @@ versions:
recommendation: "Please update your SysAid instance as soon as possible."
patch_status: Released
status: Open
start: 30-10-2024
start: 2024-10-30
end:
timeline:
- start: 30-10-2024
end:
event: "DIVD receives threat intelligence related to exploit activity around SysAid instances vulnerable to CVE-2024-36393."
- start: 30-10-2024
end:
event: "Fingerprint for the vulnerability has been found."
- start: 30-10-2024
end:
event: "Initial scan for vulnerable hosts."
- start: 30-10-2024
end:
event: "DIVD begins notifying owners of vulnerable systems."
timeline:
- start: 2024-10-30
end:
event: "DIVD receives threat intelligence related to exploit activity around SysAid instances vulnerable to CVE-2024-36393."
- start: 2024-10-30
end:
event: "Fingerprint for the vulnerability has been found."
- start: 2024-10-30
end:
event: "Initial scan for vulnerable hosts."
- start: 2024-10-30
end:
event: "DIVD begins notifying owners of vulnerable systems."

---

## Summary

DIVD has taken notice of active exploitation surrounding SysAid ITSM instances that are vulnerable to CVE-2024-36393. The vulnerability, which is an SQL Injection, was found in May 2024 and can lead to unauthorized actors gaining access to your organization's ITSM system.

## Recommendation

We advise you to update your instance as soon as possible to the minimum version of 23.3.38, preferably to the latest version.

## What We Are Doing
DIVD is currently working to identify and notify vulnerable parties. We do this by finding SysAid instances connected to the internet and verifying if the device is running the vulnerable software versions. If this is the case, notifications will be sent to the responsible entities.

## More Information
* [SysAid Product Update](https://documentation.sysaid.com/docs/23338)
* {% cve CVE-2024-36393 %}
DIVD is currently working to identify and notify vulnerable parties. We do this by finding SysAid instances connected to the internet and verifying if the device is running the vulnerable software versions. If this is the case, notifications will be sent to the responsible entities.

{% include timeline.html %}

## More information

* {% cve CVE-2024-36393 %}
* [SysAid Product Update](https://documentation.sysaid.com/docs/23338)

0 comments on commit 4ba74d2

Please sign in to comment.