From 05d188b21ae862def86e6faa6da357320d6c3beb Mon Sep 17 00:00:00 2001 From: Stan Plasmeijer <111912052+JstRelax@users.noreply.github.com> Date: Sun, 3 Nov 2024 21:47:23 +0100 Subject: [PATCH 1/2] Fixed case 45 --- _cases/2024/DIVD-2024-00045.md | 43 ++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 18 deletions(-) diff --git a/_cases/2024/DIVD-2024-00045.md b/_cases/2024/DIVD-2024-00045.md index 5bd714b6..156121e2 100644 --- a/_cases/2024/DIVD-2024-00045.md +++ b/_cases/2024/DIVD-2024-00045.md @@ -1,4 +1,5 @@ -layout: case +--- +layout: case title: "SysAid ITSM SQL Injection vulnerability" author: Max van der Horst lead: Max van der Horst @@ -16,31 +17,37 @@ patch_status: Released status: Open start: 30-10-2024 end: -timeline: -- start: 30-10-2024 - end: - event: "DIVD receives threat intelligence related to exploit activity around SysAid instances vulnerable to CVE-2024-36393." -- start: 30-10-2024 - end: - event: "Fingerprint for the vulnerability has been found." -- start: 30-10-2024 - end: - event: "Initial scan for vulnerable hosts." -- start: 30-10-2024 - end: - event: "DIVD begins notifying owners of vulnerable systems." +timeline: +- start: 2024-10-30 + end: + event: "DIVD receives threat intelligence related to exploit activity around SysAid instances vulnerable to CVE-2024-36393." +- start: 2024-10-30 + end: + event: "Fingerprint for the vulnerability has been found." +- start: 2024-10-30 + end: + event: "Initial scan for vulnerable hosts." +- start: 2024-10-30 + end: + event: "DIVD begins notifying owners of vulnerable systems." + +--- ## Summary + DIVD has taken notice of active exploitation surrounding SysAid ITSM instances that are vulnerable to CVE-2024-36393. The vulnerability, which is an SQL Injection, was found in May 2024 and can lead to unauthorized actors gaining access to your organization's ITSM system. ## Recommendation + We advise you to update your instance as soon as possible to the minimum version of 23.3.38, preferably to the latest version. ## What We Are Doing -DIVD is currently working to identify and notify vulnerable parties. We do this by finding SysAid instances connected to the internet and verifying if the device is running the vulnerable software versions. If this is the case, notifications will be sent to the responsible entities. -## More Information - * [SysAid Product Update](https://documentation.sysaid.com/docs/23338) -* {% cve CVE-2024-36393 %} +DIVD is currently working to identify and notify vulnerable parties. We do this by finding SysAid instances connected to the internet and verifying if the device is running the vulnerable software versions. If this is the case, notifications will be sent to the responsible entities. {% include timeline.html %} + +## More information + +* {% cve CVE-2024-36393 %} +* [SysAid Product Update](https://documentation.sysaid.com/docs/23338) From 1026f6279afd048b98c7df3c272ada837766d218 Mon Sep 17 00:00:00 2001 From: Stan Plasmeijer <111912052+JstRelax@users.noreply.github.com> Date: Sun, 3 Nov 2024 21:50:42 +0100 Subject: [PATCH 2/2] Fixed start date --- _cases/2024/DIVD-2024-00045.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_cases/2024/DIVD-2024-00045.md b/_cases/2024/DIVD-2024-00045.md index 156121e2..39919849 100644 --- a/_cases/2024/DIVD-2024-00045.md +++ b/_cases/2024/DIVD-2024-00045.md @@ -15,7 +15,7 @@ versions: recommendation: "Please update your SysAid instance as soon as possible." patch_status: Released status: Open -start: 30-10-2024 +start: 2024-10-30 end: timeline: - start: 2024-10-30