From 24b7230b10d58b53021d12cac651ac5a2a4ce48d Mon Sep 17 00:00:00 2001 From: Max <25766540+Maximand@users.noreply.github.com> Date: Wed, 30 Oct 2024 11:39:27 +0100 Subject: [PATCH 1/3] Update DIVD-2024-00045.md --- _cases/2024/DIVD-2024-00045.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_cases/2024/DIVD-2024-00045.md b/_cases/2024/DIVD-2024-00045.md index 5bd714b6..c22ea7e2 100644 --- a/_cases/2024/DIVD-2024-00045.md +++ b/_cases/2024/DIVD-2024-00045.md @@ -2,7 +2,7 @@ layout: case title: "SysAid ITSM SQL Injection vulnerability" author: Max van der Horst lead: Max van der Horst -excerpt: "In May 2024, a SQL Injection vulnerability has been discovered in SysAid ITSM that has been reported to be actively exploited as recent as October 2024. Exploitation can result in unauthorized access to your ITSM system." +excerpt: "In March 2024, a SQL Injection vulnerability has been discovered in SysAid ITSM that has been reported to be actively exploited as recent as October 2024. Exploitation can result in unauthorized access to your ITSM system." researchers: - Max van der Horst cves: @@ -31,7 +31,7 @@ timeline: event: "DIVD begins notifying owners of vulnerable systems." ## Summary -DIVD has taken notice of active exploitation surrounding SysAid ITSM instances that are vulnerable to CVE-2024-36393. The vulnerability, which is an SQL Injection, was found in May 2024 and can lead to unauthorized actors gaining access to your organization's ITSM system. +DIVD has taken notice of active exploitation surrounding SysAid ITSM instances that are vulnerable to CVE-2024-36393. The vulnerability, which is an SQL Injection, was found in March 2024 and can lead to unauthorized actors gaining access to your organization's ITSM system. ## Recommendation We advise you to update your instance as soon as possible to the minimum version of 23.3.38, preferably to the latest version. From f30aa8c1c8bc2c8b1ce66f283f80cdce0216b6c2 Mon Sep 17 00:00:00 2001 From: Maximand Date: Wed, 20 Nov 2024 19:06:22 +0100 Subject: [PATCH 2/3] Timeline update for 2024-00004 --- _cases/2024/DIVD-2024-00004.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/_cases/2024/DIVD-2024-00004.md b/_cases/2024/DIVD-2024-00004.md index 758dc9d3..a4888df4 100644 --- a/_cases/2024/DIVD-2024-00004.md +++ b/_cases/2024/DIVD-2024-00004.md @@ -32,6 +32,18 @@ timeline: - start: 2023-10-04 end: event: "Case started" +- start: 2024-03-01 + end: + event: "Discovery of NGOs and their domains started." +- start: 2024-09-31 + end: + event: "Roughly 56.000 candidate NGOs found for scanning, continuing discovery." +- start: 2024-11-04 + end: + event: "Vulnerability scanning has started on a first set of organisations." +- start: 2024-11-20 + end: + event: "Proceeding with first round of vulnerability notifications." --- ## Summary From dd17b3968cd721d475e3cc22a082fd3bd44e92d6 Mon Sep 17 00:00:00 2001 From: Max <25766540+Maximand@users.noreply.github.com> Date: Thu, 21 Nov 2024 12:50:25 +0100 Subject: [PATCH 3/3] Update _cases/2024/DIVD-2024-00004.md Co-authored-by: Frank Breedijk --- _cases/2024/DIVD-2024-00004.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_cases/2024/DIVD-2024-00004.md b/_cases/2024/DIVD-2024-00004.md index a4888df4..5b07af1f 100644 --- a/_cases/2024/DIVD-2024-00004.md +++ b/_cases/2024/DIVD-2024-00004.md @@ -35,7 +35,7 @@ timeline: - start: 2024-03-01 end: event: "Discovery of NGOs and their domains started." -- start: 2024-09-31 +- start: 2024-09-30 end: event: "Roughly 56.000 candidate NGOs found for scanning, continuing discovery." - start: 2024-11-04