Cyber Resilience

CVE-2023-47246

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · Ransomware-linked

Published: 10 November 2023
Modified: 31 October 2025
KEV Added: 13 November 2023
Patch: available (fixed in SysAid On-Premise 23.3.36)
CVSS v3.1: 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.9438 (100.0th percentile)
Risk Priority: 96 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-47246 is a critical-severity path traversal (CWE-22) vulnerability in SysAid On-Premise. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, its EPSS score (0.9438) sits at the 100th percentile, which places it among the CVEs most likely to be exploited; CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation), which blocks the traversal input itself, and SI-2 (Flaw Remediation), i.e. upgrading to a fixed release.

Deeper analysis

CVE-2023-47246 is a path traversal vulnerability, tracked under CWE-22, that affects SysAid On-Premise versions prior to 23.3.36. The flaw lets an attacker write a file into the Tomcat webroot; a server-side script (such as a JSP page) placed there is compiled and executed by Tomcat, which yields arbitrary code execution on the affected server. It carries a CVSS 3.1 base score of 9.8, reflecting network-accessible exploitation with no required credentials or user interaction.

An unauthenticated remote attacker can therefore upload and execute code of their choosing, which amounts to full compromise of the SysAid instance. Exploitation in the wild was observed in November 2023, consistent with its exploitation-probability scores (current EPSS 0.9438, peak 0.9633).

Vendor advisories direct administrators to upgrade to the latest On-Premise release (23.3.36 or later), available via the documented installation files, and reference the 2023 security enhancements that address this exposure. The accompanying notification blog post outlines the remediation steps for on-premise deployments.

Vulnerability details

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
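Because the exploit's footprint is a file dropped into the Tomcat webroot, the first post-exposure check a responder wants is a scan of the webapps tree for executable files that a clean install does not contain. The script below is an added example, not part of this page or of SysAid's own tooling; it assumes a baseline manifest of path -> SHA-256 captured from a known-good install and builds a constructed temporary webapps layout (with one dropped web shell and one timestomped replacement) to show what the scan reports.

```python
import hashlib
import os
import tempfile
import time

# File types Tomcat will compile or auto-deploy. A web shell dropped by this
# flaw is typically a .jsp, but a .war dropped into webapps is deployed too.
EXECUTABLE_SUFFIXES = (".jsp", ".jspx", ".war", ".jar", ".class")


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_webroot(webapps_dir, baseline, since_epoch):
    """Walk webapps_dir and report Tomcat-executable files that are absent from
    the baseline manifest, whose content differs from it, or whose mtime is at
    or after since_epoch. baseline maps 'app/relative/path' -> sha256 hex digest
    from a known-good install (assumed to exist; constructed in demo()).
    Returns a sorted list of (relative_path, [reasons]). Hashing catches a
    replaced file even when the attacker reset its timestamp."""
    findings = []
    for dirpath, _, files in os.walk(webapps_dir):
        for name in files:
            if not name.lower().endswith(EXECUTABLE_SUFFIXES):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webapps_dir).replace(os.sep, "/")
            reasons = []
            if rel not in baseline:
                reasons.append("not in baseline")
            elif baseline[rel] != sha256_of(full):
                reasons.append("hash differs from baseline")
            if os.stat(full).st_mtime >= since_epoch:
                reasons.append("modified after baseline time")
            if reasons:
                findings.append((rel, reasons))
    return sorted(findings)


def demo():
    """Constructed layout, not a real SysAid install: a known-good index.jsp,
    a login.jsp that was replaced and timestomped, and a dropped cmd.jsp."""
    webapps = tempfile.mkdtemp(prefix="webapps-")
    os.makedirs(os.path.join(webapps, "ROOT"))
    two_days_ago = time.time() - 2 * 86400

    def write(rel, data, mtime=None):
        path = os.path.join(webapps, rel)
        with open(path, "wb") as f:
            f.write(data)
        if mtime is not None:
            os.utime(path, (mtime, mtime))

    write("ROOT/index.jsp", b"<%-- original --%>", two_days_ago)
    # Replaced content but old timestamp: only the hash check finds it.
    write("ROOT/login.jsp", b"<%-- backdoored --%>", two_days_ago)
    # Dropped by the attacker: not in the baseline and freshly written.
    write("ROOT/cmd.jsp", b"<%-- dropped web shell placeholder --%>")

    # Baseline captured from a clean install: hashes of the ORIGINAL contents.
    baseline = {
        "ROOT/index.jsp": hashlib.sha256(b"<%-- original --%>").hexdigest(),
        "ROOT/login.jsp": hashlib.sha256(b"<%-- original login --%>").hexdigest(),
    }
    return scan_webroot(webapps, baseline, since_epoch=time.time() - 86400)


if __name__ == "__main__":
    for rel, reasons in demo():
        print(f"{rel}: {', '.join(reasons)}")
```

On a real host, point `scan_webroot` at Tomcat's `webapps` directory with a manifest generated from clean installation media; anything reported should be preserved for forensics before the host is rebuilt, since the page notes this flaw has been linked to ransomware operations.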

CWE(s): CWE-22 (Path Traversal)
KEV Date Added: 13 November 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: sysaid
Product: sysaid (SysAid On-Premise)
Versions: before 23.3.36 (23.3.36 is the fixed release)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5; AI-assisted mapping)

SI-10 Information Input Validation (prevent)

Directly blocks the crafted directory-traversal input that lets an unauthenticated attacker write an arbitrary JSP file into the Tomcat webroot: reject path separators and '..' components in client-supplied file names, allow-list non-executable extensions, and confirm the canonical target path still lies under the intended directory.

Access enforcement (prevent)

Enforces access-control decisions on file-write operations so that unauthenticated remote requests cannot deposit executable content under the web application root; in practice, run Tomcat under an account without write access to the webapps directory unless auto-deployment is genuinely needed.

SI-2 Flaw Remediation (prevent)

Requires timely application of the vendor-supplied update, SysAid On-Premise 23.3.36 or later, which removes the path-traversal flaw. Given in-the-wild exploitation, patching is the only complete fix; the two controls above are defence in depth for the window before the upgrade lands.
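The following block is an added example, not SysAid's code and not from this page, illustrating both the webroot write described in the deeper analysis and the SI-10 control above. It places a vulnerable upload-path resolver beside a hardened one and exercises them against a constructed Tomcat-like directory layout; the upload directory, the extension allow-list and the planted symlink are all assumptions made for the example.

```python
import os
import tempfile

# Extensions the upload handler should ever accept (assumed list). Anything
# Tomcat would execute (.jsp, .jspx, .war, ...) is deliberately absent.
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".png"}


def resolve_vulnerable(upload_dir, client_name):
    """Vulnerable pattern: the client-supplied name is joined onto the upload
    directory with no validation, so '../webapps/ROOT/x.jsp' walks out of
    upload_dir and lands in the Tomcat webroot, where Tomcat will execute it."""
    return os.path.normpath(os.path.join(upload_dir, client_name))


def resolve_hardened(upload_dir, client_name):
    """Hardened form (what SI-10 input validation means for this flaw):
    1. the name must be a single path component: no separators, no '.'/'..';
    2. the extension must be on the allow-list, so executable content is
       refused even if the directory check were somehow bypassed;
    3. the final path is canonicalised (symlinks resolved) and must still lie
       under the canonical upload directory."""
    if (not client_name or client_name in (".", "..")
            or "/" in client_name or "\\" in client_name or "\x00" in client_name):
        raise ValueError("file name must be a single path component")
    if os.path.splitext(client_name)[1].lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("file type not permitted")
    base = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(base, client_name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("resolved path escapes the upload directory")
    return target


def demo():
    """Constructed Tomcat-like layout in a temp directory; returns what each
    resolver does with a traversal name, an executable name, a symlink planted
    inside the upload directory, and a legitimate name."""
    root = tempfile.mkdtemp(prefix="tomcat-")
    webroot = os.path.join(root, "webapps", "ROOT")
    uploads = os.path.join(root, "uploads")
    os.makedirs(webroot)
    os.makedirs(uploads)

    # A symlink with an innocent name that points into the webroot. Checks 1
    # and 2 pass for 'pic.png'; only canonicalisation (check 3) catches it.
    symlink_ok = True
    try:
        os.symlink(os.path.join(webroot, "dropped.jsp"), os.path.join(uploads, "pic.png"))
    except OSError:
        symlink_ok = False

    def attempt(name):
        try:
            return resolve_hardened(uploads, name)
        except ValueError as e:
            return f"rejected: {e}"

    traversal = "../webapps/ROOT/shell.jsp"
    return {
        "vulnerable_traversal": resolve_vulnerable(uploads, traversal),
        "vulnerable_lands_in_webroot": resolve_vulnerable(uploads, traversal).startswith(webroot),
        "hardened_traversal": attempt(traversal),
        "hardened_jsp": attempt("shell.jsp"),
        "hardened_via_symlink": attempt("pic.png") if symlink_ok else None,
        "hardened_legit": attempt("report.txt"),
        "expected_legit": os.path.join(os.path.realpath(uploads), "report.txt"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The ordering in `resolve_hardened` matters: the component and extension checks are cheap and independent of the filesystem, while the `realpath` plus `commonpath` comparison is the one check that holds even when something inside the directory (a symlink, a bind mount) rewrites where a well-formed name ends up.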
