From securityweek.com
![](https://cert.bournemouth.ac.uk/wp-content/uploads/2023/11/image-19-1024x544.png)
Organizations using SysAid IT service management software have been warned about a zero-day vulnerability that has been exploited by affiliates of a notorious ransomware operation.
Exploitation of the zero-day, tracked as CVE-2023-47246, was apparently first observed by Microsoft’s threat intelligence team, which rushed to notify SysAid about the vulnerability and the attacks.
The vendor has determined that its SysAid on-premises software is impacted by the flaw, which has been described as a path traversal issue leading to arbitrary code execution.