
Cloud Vulnerability DB
A community-led vulnerabilities database
SysAid Help Desk contains an authentication bypass vulnerability (CVE-2022-22796) that allows an unauthenticated attacker to gain access to the system. It affects versions prior to 21.1.30 (cloud) and 21.4.45 (on-premises). The attacker bypasses the login by requesting specific JSP pages in sequence: first /wmiwizard.jsp, then /ConcurrentLogin.jsp; clicking the login button on that page redirects the attacker to /home.jsp without valid credentials (Israel CERT).
The vulnerability has been assigned a CVSS v3.1 base score of 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) by NIST NVD, indicating a critical severity level. The vulnerability is classified as CWE-287: Improper Authentication. The attack vector is network-accessible, requires low attack complexity, needs no privileges, and requires no user interaction (NVD).
If successfully exploited, the attacker lands on the system dashboard as an authenticated user. This exposes sensitive data including server details, usernames, and workstation information, and also permits administrative actions such as uploading files and deleting service calls (help desk tickets) (MITRE CVE).
Organizations should upgrade to SysAid version 21.1.30 or later for cloud deployments, or version 21.4.45 or later for on-premises installations to remediate this vulnerability (NVD).
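As an added example (not code from SysAid, NVD, the Israel CERT or the Wiz database), the following Python script does the two checks a practitioner would want from the description and the remediation above: whether a reported SysAid version is below the fixed release for its deployment type, and whether a web server access log contains the documented request sequence (/wmiwizard.jsp, then /ConcurrentLogin.jsp, then /home.jsp) from one client within a short window. The sample log lines, the five-minute window, the function names and the assumption that the log is in common log format are all constructed for this example; the login button submission itself is not reproduced because the advisory does not document the form fields.

```python
"""Added example: version check and access-log detection for CVE-2022-22796.
Not SysAid's, NVD's or Israel CERT's code; see the assumptions in the comments."""
from __future__ import annotations

import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Fixed releases from the advisory: cloud vs. on-premises.
FIXED_VERSIONS = {"cloud": (21, 1, 30), "on-prem": (21, 4, 45)}

# Request order from the advisory. The POST that "clicks the login button"
# is not matched here (its form fields are undocumented) and simply passes through.
BYPASS_SEQUENCE = ["/wmiwizard.jsp", "/ConcurrentLogin.jsp", "/home.jsp"]

# Assumption: the three requests of a real bypass happen within a few minutes.
WINDOW = timedelta(minutes=5)

# Common log format (assumed); the query string is stripped before matching.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_version(version: str) -> Tuple[int, ...]:
    """'21.4.44 b10' -> (21, 4, 44); build suffixes are ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable_version(version: str, deployment: str) -> bool:
    """True when the version is older than the fixed release for 'cloud' or 'on-prem'."""
    return parse_version(version) < FIXED_VERSIONS[deployment]


def parse_line(line: str) -> Optional[Tuple[str, datetime, str, int]]:
    """Return (client_ip, timestamp, lower-cased path, status) or None for junk lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["path"].split("?", 1)[0].lower()
    return m["ip"], ts, path, int(m["status"])


def find_bypass_sequences(lines: List[str]) -> Dict[str, datetime]:
    """Map client IP -> time of /home.jsp for clients that fetched the three pages
    in the advisory's order, each with HTTP 200, inside WINDOW. Other requests from
    the client (such as the POST of the login form) do not break the sequence."""
    progress: Dict[str, Tuple[int, datetime]] = {}  # ip -> (next index, start time)
    hits: Dict[str, datetime] = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, path, status = rec
        idx, start = progress.get(ip, (0, ts))
        if idx and ts - start > WINDOW:  # a partial sequence went stale
            idx = 0
        if status == 200 and path == BYPASS_SEQUENCE[idx].lower():
            if idx == 0:
                start = ts
            idx += 1
            if idx == len(BYPASS_SEQUENCE):
                hits[ip] = ts
                idx = 0
        progress[ip] = (idx, start)
    return hits


# Constructed sample log: 10.0.0.5 follows the bypass order; 10.0.0.9 only sees the
# ordinary concurrent-login prompt; 10.0.0.7 visited the wizard 90 minutes earlier.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2022:10:00:01 +0000] "GET /wmiwizard.jsp HTTP/1.1" 200 512
10.0.0.5 - - [12/Jan/2022:10:00:02 +0000] "GET /ConcurrentLogin.jsp HTTP/1.1" 200 2048
10.0.0.5 - - [12/Jan/2022:10:00:03 +0000] "POST /ConcurrentLogin.jsp HTTP/1.1" 302 0
10.0.0.5 - - [12/Jan/2022:10:00:03 +0000] "GET /home.jsp HTTP/1.1" 200 9000
10.0.0.9 - - [12/Jan/2022:10:05:00 +0000] "GET /ConcurrentLogin.jsp HTTP/1.1" 200 2048
10.0.0.9 - - [12/Jan/2022:10:05:01 +0000] "GET /home.jsp HTTP/1.1" 200 9000
10.0.0.7 - - [12/Jan/2022:09:00:00 +0000] "GET /wmiwizard.jsp HTTP/1.1" 200 512
10.0.0.7 - - [12/Jan/2022:10:30:00 +0000] "GET /ConcurrentLogin.jsp HTTP/1.1" 200 2048
10.0.0.7 - - [12/Jan/2022:10:30:01 +0000] "GET /home.jsp HTTP/1.1" 200 9000
"""

if __name__ == "__main__":
    for deployment, version in (("cloud", "21.1.29"), ("on-prem", "21.4.45")):
        state = "vulnerable" if is_vulnerable_version(version, deployment) else "fixed"
        print(f"{deployment} {version}: {state}")
    for ip, ts in find_bypass_sequences(SAMPLE_LOG.splitlines()).items():
        print(f"possible CVE-2022-22796 bypass from {ip} at {ts.isoformat()}")
```

The detector keys only on the page order from the advisory, so a logged-in administrator who genuinely uses the WMI wizard and later hits the concurrent-login prompt within five minutes will also be flagged; treat a hit as a lead to correlate with the session and login records, not as proof of compromise.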
Source: This report was generated using AI