Is CVE-2021-43972 actively exploited?

CVE-2021-43972 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2021-43972?

CVE-2021-43972 has a CVSS score of 6.5 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N.

How do I patch CVE-2021-43972?

Patch guidance is available from sysaid security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2021-43972.

CVE-2021-43972 - remediation guidance & executive summary

Description

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
Weaknesses: NVD-CWE-Other

Metadata

Primary Vendor: SYSAID
Published: 1/11/2022
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2021-43972

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary