CVE-2023-47247
SysAid Server vulnerability analysis and mitigation

Overview

In SysAid On-Premise before version 23.3.34, a vulnerability was discovered where an end user could delete a Knowledge Base article in certain edge cases. This vulnerability is tracked as CVE-2023-47247 and is also referenced internally as bug 15102. The issue was disclosed on December 25, 2023 (CVE Details).

Technical details

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) with the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. The vector indicates that the vulnerability is reachable over the network, has low attack complexity, requires low privileges to exploit, and can be triggered without user interaction. The impact is limited to a low effect on the integrity of the system (NVD).

Impact

The vulnerability allows unauthorized deletion of Knowledge Base articles, which could lead to loss of important documentation and information resources. The CVSS scoring indicates that while there is no direct impact on confidentiality or availability, there is a low impact on the integrity of the system (NVD).

Mitigation and workarounds

The vulnerability has been fixed in SysAid On-Premise version 23.3.34. Organizations running affected versions should upgrade to version 23.3.34 or later to address this security issue (Release Notes).

Source: This report was generated using AI