SysAid Zero-Day Vulnerability Exploited by Ransomware Group


Organizations using SysAid IT service management software have been warned about a zero-day vulnerability that has been exploited by affiliates of a notorious ransomware operation.

Exploitation of the zero-day, tracked as CVE-2023-47246, was apparently first observed by Microsoft’s threat intelligence team, which rushed to notify SysAid about the vulnerability and the attacks.

The vendor has determined that its SysAid on-premises software is impacted by the flaw, which has been described as a path traversal issue leading to arbitrary code execution.

Read more…