vulnerability
SysAid Help Desk: CVE-2021-43972: Vulnerability in SysAid Help Desk
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:N/I:C/A:N) | Jan 11, 2022 | May 12, 2025 | Mar 25, 2026 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:N/I:C/A:N)
Published
Jan 11, 2022
Added
May 12, 2025
Modified
Mar 25, 2026
Description
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body.
Solution
sysaid-help-desk-upgrade-latest
References
- CVE-2021-43972
- https://attackerkb.com/topics/CVE-2021-43972
- https://github.com/atredispartners/advisories/blob/master/ATREDIS-2021-0002.md
- https://github.com/atredispartners/advisories/blob/master/ATREDIS-2022-0001.md
- https://www.sysaid.com/it-service-management-software/incident-management
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-30834
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.