CVE-2024-36394

SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Basic Information

CVE State: PUBLISHED
Reserved Date: May 27, 2024
Published Date: June 06, 2024
Last Updated: August 02, 2024
Vendor: Sysaid
Product: SysAid
Description: SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS Scores

CVSS v3.1

9.1 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

SSVC Information

Exploitation: none
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2025-10-26 04:57:35 UTC) Source

References

https://www.gov.il/en/Departments/faq/cve_advisories

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-10-26 04:57:35 UTC

Timeline

CVE ID Reserved

May 27, 2024
CVE Published to Public

June 06, 2024
Added to KEVIntel

October 26, 2025