CVE-2021-43974

An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register end users anonymously, but does not respect the server-side setting that determines if anonymous users are allowed to register new accounts. Configuring the server-side setting to disable anonymous user registration only hides the client-side registration form. An attacker can still post registration data to create new accounts without prior authentication.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:sysaid:itil:20.4.74:b10:*:*:*:*:*:*

Information

Published : 2022-01-11 12:15

Updated : 2022-07-12 10:42


NVD link : CVE-2021-43974

Mitre link : CVE-2021-43974


JSON object : View

CWE
CWE-306

Missing Authentication for Critical Function

Advertisement

dedicated server usa

Products Affected

sysaid

  • itil