What are the SQL injection vulnerabilities in CVE-2015-2999?

CVE-2015-2999 includes multiple SQL injection vulnerabilities that allow remote administrators to execute arbitrary SQL commands through specific parameters in SysAid Help Desk.

What software versions are affected by CVE-2015-2999?

CVE-2015-2999 affects SysAid Help Desk versions prior to 15.2, specifically those up to version 15.1.

How can I mitigate CVE-2015-2999 vulnerabilities?

To mitigate CVE-2015-2999 vulnerabilities, it's recommended to upgrade to SysAid Help Desk version 15.2 or later.

Can CVE-2015-2999 be exploited remotely?

Yes, CVE-2015-2999 can be exploited remotely by sending malicious SQL queries through the affected parameters.

What impact does CVE-2015-2999 have on my system?

CVE-2015-2999 can lead to unauthorized access to the database, data leakage, or manipulation of the database contents.

Vulnerability/
CVE-2015-2999

medium

6.5

CWE

8/6/2015

6/8/2024

CVE-2015-2999: SQL Injection

First published: Mon Jun 08 2015(Updated: )

Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequests report to /genericreport, (4) dir parameter to HelpDesk.jsp, or (5) grantSQL parameter to RFCGantt.jsp.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Sysaid On-Premises	<=15.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What are the SQL injection vulnerabilities in CVE-2015-2999?
CVE-2015-2999 includes multiple SQL injection vulnerabilities that allow remote administrators to execute arbitrary SQL commands through specific parameters in SysAid Help Desk.
What software versions are affected by CVE-2015-2999?
CVE-2015-2999 affects SysAid Help Desk versions prior to 15.2, specifically those up to version 15.1.
How can I mitigate CVE-2015-2999 vulnerabilities?
To mitigate CVE-2015-2999 vulnerabilities, it's recommended to upgrade to SysAid Help Desk version 15.2 or later.
Can CVE-2015-2999 be exploited remotely?
Yes, CVE-2015-2999 can be exploited remotely by sending malicious SQL queries through the affected parameters.
What impact does CVE-2015-2999 have on my system?
CVE-2015-2999 can lead to unauthorized access to the database, data leakage, or manipulation of the database contents.

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/references
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
vendor/sysaid
canonical/sysaid on-premises
version/sysaid on-premises/15.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.