CVE-2021-43972
First published: Tue Jan 11 2022(Updated: )
An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sysaid On-Premises | =20.4.74-b10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-43972?
CVE-2021-43972 is an unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10.
How does CVE-2021-43972 work?
CVE-2021-43972 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root with an arbitrary filename.
Is there a fix available for CVE-2021-43972?
As of now, there is no official fix available for CVE-2021-43972 from the vendor. It is recommended to apply any patches or mitigations suggested by the vendor or security experts.
What is the severity of CVE-2021-43972?
The severity of CVE-2021-43972 is considered medium with a CVSS score of 6.5.
Where can I find more information about CVE-2021-43972?
You can find more information about CVE-2021-43972 on the official SysAid website and the provided references.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sysaid
- canonical/sysaid on-premises
- version/sysaid on-premises/20.4.74-b10