Search criteria
2 vulnerabilities found for Sysax Multi Server by Sysax
CVE-2023-54337 (GCVE-0-2023-54337)
Vulnerability from nvd – Published: 2026-01-13 22:52 – Updated: 2026-01-14 19:17
VLAI?
Title
Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC)
Summary
Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality.
Severity ?
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sysax | Sysax Multi Server |
Affected:
6.95
|
Credits
Luis Martinez
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-54337",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T15:46:16.057643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T19:17:58.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51066"
},
{
"tags": [
"exploit"
],
"url": "https://www.vulncheck.com/advisories/sysax-multi-server-password-denial-of-service-poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sysax Multi Server",
"vendor": "Sysax",
"versions": [
{
"status": "affected",
"version": "6.95"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luis Martinez"
}
],
"datePublic": "2022-10-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T22:52:08.992Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51066",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51066"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.sysax.com/"
},
{
"name": "VulnCheck Advisory: Sysax Multi Server 6.95 - \u0027Password\u0027 Denial of Service (PoC)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sysax-multi-server-password-denial-of-service-poc"
}
],
"title": "Sysax Multi Server 6.95 - \u0027Password\u0027 Denial of Service (PoC)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-54337",
"datePublished": "2026-01-13T22:52:08.992Z",
"dateReserved": "2026-01-10T01:51:52.983Z",
"dateUpdated": "2026-01-14T19:17:58.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-54337 (GCVE-0-2023-54337)
Vulnerability from cvelistv5 – Published: 2026-01-13 22:52 – Updated: 2026-01-14 19:17
VLAI?
Title
Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC)
Summary
Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality.
Severity ?
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sysax | Sysax Multi Server |
Affected:
6.95
|
Credits
Luis Martinez
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-54337",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T15:46:16.057643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T19:17:58.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51066"
},
{
"tags": [
"exploit"
],
"url": "https://www.vulncheck.com/advisories/sysax-multi-server-password-denial-of-service-poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sysax Multi Server",
"vendor": "Sysax",
"versions": [
{
"status": "affected",
"version": "6.95"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luis Martinez"
}
],
"datePublic": "2022-10-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T22:52:08.992Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51066",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51066"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.sysax.com/"
},
{
"name": "VulnCheck Advisory: Sysax Multi Server 6.95 - \u0027Password\u0027 Denial of Service (PoC)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sysax-multi-server-password-denial-of-service-poc"
}
],
"title": "Sysax Multi Server 6.95 - \u0027Password\u0027 Denial of Service (PoC)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-54337",
"datePublished": "2026-01-13T22:52:08.992Z",
"dateReserved": "2026-01-10T01:51:52.983Z",
"dateUpdated": "2026-01-14T19:17:58.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}