
Cloud Vulnerability DB
A community-led vulnerabilities database
SysAid Help Desk contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to read ticket data belonging to other users by manipulating the sid parameter of EmailHtmlSourceIframe.jsp or the srID parameter of ShowMessage.jsp. The vulnerability affects SysAid Help Desk On-Premise versions before 23.2.15 and Cloud versions before 23.2.50 (NIST NVD, PRIDE Security).
The vulnerability exists in the ticket management system's message viewing functionality. When a user views the messages in a ticket, the application requests two endpoints, /ShowMessage.jsp and /EmailHtmlSourceIframe.jsp, each of which takes a ticket identifier from the client (srID in ShowMessage.jsp, sid in EmailHtmlSourceIframe.jsp). Because the application resolves the ticket from that client-supplied identifier without checking that the requesting user is authorized to view it, changing the value returns tickets belonging to other users. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (NIST NVD).
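The following is an added illustration of the pattern described above, not SysAid's code: two message-view handlers that stand in for the two endpoints, first trusting the client-supplied ticket ID as-is, then routing both through one object-level authorization check. The ticket store, users, roles and the `can_view` policy are constructed for the example.

```python
"""
IDOR illustration (example code, not SysAid's): a help-desk message viewer
that dereferences a client-supplied ticket ID with and without checking that
the caller is allowed to see that ticket.  Everything here (users, roles,
tickets, policy) is constructed for the example.
"""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Caller is authenticated but not authorized for the referenced ticket."""


@dataclass(frozen=True)
class User:
    name: str
    role: str  # constructed roles: "requester" or "admin"


@dataclass
class Ticket:
    sr_id: int
    requester: str  # user who opened the ticket
    messages: list = field(default_factory=list)
    email_html: str = ""  # HTML body shown in the iframe endpoint


# Constructed in-memory store standing in for the help-desk database.
TICKETS = {
    1001: Ticket(1001, "alice", ["Please reset my VPN token"], "<p>VPN</p>"),
    1002: Ticket(1002, "bob", ["Temp admin password is in the attachment"], "<p>creds</p>"),
}


# --- vulnerable pattern: the ID from the query string is trusted as-is ------

def show_message_vulnerable(caller: User, sr_id: int) -> list:
    """Any authenticated user who changes srID reads any ticket's messages."""
    return TICKETS[sr_id].messages


def email_html_vulnerable(caller: User, sid: int) -> str:
    """Same defect on the second endpoint: sid is never tied to the caller."""
    return TICKETS[sid].email_html


# --- hardened pattern: every endpoint resolves the ticket through one check --

def can_view(caller: User, ticket: Ticket) -> bool:
    """Object-level policy (an assumption for the example): admins see all
    tickets, requesters only the tickets they opened."""
    return caller.role == "admin" or ticket.requester == caller.name


def load_ticket_for(caller: User, sr_id: int) -> Ticket:
    """Look the object up, then check the caller against it.  Missing and
    not-yours both raise Forbidden so ticket IDs cannot be enumerated."""
    ticket = TICKETS.get(sr_id)
    if ticket is None or not can_view(caller, ticket):
        raise Forbidden(f"srID={sr_id}")
    return ticket


def show_message_fixed(caller: User, sr_id: int) -> list:
    return load_ticket_for(caller, sr_id).messages


def email_html_fixed(caller: User, sid: int) -> str:
    return load_ticket_for(caller, sid).email_html


def cross_user_read_possible(handler, caller: User, other_id: int) -> bool:
    """True if `caller` can read ticket `other_id` through `handler`."""
    try:
        handler(caller, other_id)
        return True
    except (Forbidden, KeyError):
        return False


if __name__ == "__main__":
    alice = User("alice", "requester")
    admin = User("root", "admin")
    # alice tampers with the ID to read bob's ticket 1002 on both endpoints
    for name, handler in [
        ("ShowMessage vulnerable", show_message_vulnerable),
        ("EmailHtmlSourceIframe vulnerable", email_html_vulnerable),
        ("ShowMessage fixed", show_message_fixed),
        ("EmailHtmlSourceIframe fixed", email_html_fixed),
    ]:
        print(f"{name:35} cross-user read: {cross_user_read_possible(handler, alice, 1002)}")
    print(f"{'admin on fixed endpoint':35} cross-user read: {cross_user_read_possible(show_message_fixed, admin, 1002)}")
```

The point of routing both handlers through `load_ticket_for` is that an IDOR fix has to cover every endpoint that dereferences the identifier; patching ShowMessage.jsp alone would leave EmailHtmlSourceIframe.jsp exposed.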
By exploiting this vulnerability, an authenticated attacker with only requester-level access can view every ticket on the platform, not just their own. This exposes the information exchanged between requesters and administrative users during ticket resolution, which may include confidential data, internal communications, logins, passwords, tokens, and shared documents (PRIDE Security).
SysAid Technologies has released patched versions to address this vulnerability. Users of SysAid Help Desk On-Premise should upgrade to version 23.2.15 or later, while Cloud users should ensure they are running version 23.2.50 or later (NIST NVD, PRIDE Security).
Source: This report was generated using AI