vulnerability

SysAid Help Desk: CVE-2020-10569: Unrestricted Upload of File with Dangerous Type

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Apr 21, 2020	May 12, 2025	Jul 2, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Apr 21, 2020

Added

May 12, 2025

Modified

Jul 2, 2025

Description

SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate of CVE-2020-1938

Solution

sysaid-help-desk-upgrade-latest

References

CWE-434
CVE-2020-10569
https://attackerkb.com/topics/CVE-2020-10569
URL-http://packetstormsecurity.com/files/157314/Sysaid-20.1.11-b26-Remote-Command-Execution.html
URL-https://www.sysaid.com/product/on-premise/20-2/release-notes

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today