SysAid On-Premise is used to manage IT tasks. SysAid On-Premise also allows end users to contact IT services, regardless of their location.
SysAid On-Premise could allow a remote attacker to traverse directories on the system because of improper archive file validation.
An attacker could use a specially crafted, zlib-compressed WAR file webshell containing "dot dot" sequences (/../) to control where this webshell is written on the vulnerable server. The attacker can then browse to the URL where the webshell now resides to gain access to the server.
By turning this into a traffic file and matching rule, we are able to detect attempts at directory traversal leading to remote code execution on the system.
Idappcom have created signature 8024393 along with a traffic file for this vulnerability.
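The archive validation that the description above says is missing, shown as an added example that is not SysAid's or Idappcom's code: a server-side check that inflates a zlib-compressed upload under a size bound and lists every archive entry whose name would resolve outside the deployment directory. The directory path, the size limit, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile
import zlib

MAX_WAR_BYTES = 50 * 1024 * 1024  # assumed upper bound for an inflated upload


def unsafe_entries(zlib_blob: bytes, deploy_dir: str = "/srv/app/webapps") -> list[str]:
    """Return archive entry names that would be written outside deploy_dir."""
    # Inflate with a hard limit so an oversized stream is rejected, not buffered.
    inflater = zlib.decompressobj()
    war_bytes = inflater.decompress(zlib_blob, MAX_WAR_BYTES)
    if inflater.unconsumed_tail:
        raise ValueError("decompressed upload exceeds size limit")

    root = posixpath.normpath(deploy_dir)
    escaped = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        for name in war.namelist():
            # Treat backslashes as separators, then resolve "dot dot" segments.
            candidate = name.replace("\\", "/")
            resolved = posixpath.normpath(posixpath.join(root, candidate))
            # Anything that does not stay under the root is a traversal attempt.
            if resolved != root and not resolved.startswith(root + "/"):
                escaped.append(name)
    return escaped


def build_sample(names: list[str]) -> bytes:
    """Constructed test input: a zlib-compressed archive with harmless entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for entry in names:
            war.writestr(entry, "placeholder")
    return zlib.compress(buf.getvalue())


if __name__ == "__main__":
    sample = build_sample(["WEB-INF/web.xml", "../../outside/placeholder.txt"])
    flagged = unsafe_entries(sample)
    print("reject upload" if flagged else "ok", flagged)
```

An upload for which the list is non-empty should be rejected as a whole, never extracted with the offending entries skipped.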
Huntress - CVE-2023-47246
If you are concerned that your business may be at risk of this vulnerability or others, why not try out our Traffic IQ software, which can scan your defences and report any issues? Learn more here: https://www.idappcom.co.uk/traffic-iq-professional