Search criteria
2 vulnerabilities found for Sysax Multi Server by Sysax
CVE-2023-54337 (GCVE-0-2023-54337)
Vulnerability from cvelistv5 – Published: 2026-01-13 22:52 – Updated: 2026-03-05 01:29
VLAI
Title
Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC)
Summary
Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality.
Severity
9.1 (Critical)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51066 | exploit |
| https://www.sysax.com/ | product |
| https://www.vulncheck.com/advisories/sysax-multi-… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sysax | Sysax Multi Server |
Affected:
6.95
|
Date Public
2022-10-05 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-54337",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T15:46:16.057643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T19:17:58.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51066"
},
{
"tags": [
"exploit"
],
"url": "https://www.vulncheck.com/advisories/sysax-multi-server-password-denial-of-service-poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sysax Multi Server",
"vendor": "Sysax",
"versions": [
{
"status": "affected",
"version": "6.95"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sysax:multi_server:6.95:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luis Martinez"
}
],
"datePublic": "2022-10-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:29:45.147Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51066",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51066"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.sysax.com/"
},
{
"name": "VulnCheck Advisory: Sysax Multi Server 6.95 - \u0027Password\u0027 Denial of Service (PoC)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sysax-multi-server-password-denial-of-service-poc"
}
],
"title": "Sysax Multi Server 6.95 - \u0027Password\u0027 Denial of Service (PoC)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-54337",
"datePublished": "2026-01-13T22:52:08.992Z",
"dateReserved": "2026-01-10T01:51:52.983Z",
"dateUpdated": "2026-03-05T01:29:45.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-54337 (GCVE-0-2023-54337)
Vulnerability from nvd – Published: 2026-01-13 22:52 – Updated: 2026-03-05 01:29
VLAI
Title
Sysax Multi Server 6.95 - 'Password' Denial of Service (PoC)
Summary
Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality.
Severity
9.1 (Critical)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51066 | exploit |
| https://www.sysax.com/ | product |
| https://www.vulncheck.com/advisories/sysax-multi-… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sysax | Sysax Multi Server |
Affected:
6.95
|
Date Public
2022-10-05 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-54337",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T15:46:16.057643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T19:17:58.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51066"
},
{
"tags": [
"exploit"
],
"url": "https://www.vulncheck.com/advisories/sysax-multi-server-password-denial-of-service-poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Sysax Multi Server",
"vendor": "Sysax",
"versions": [
{
"status": "affected",
"version": "6.95"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sysax:multi_server:6.95:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luis Martinez"
}
],
"datePublic": "2022-10-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sysax Multi Server 6.95 contains a denial of service vulnerability in the administrative password field that allows attackers to crash the application. Attackers can overwrite the password field with 800 bytes of repeated characters to trigger an application crash and disrupt server functionality."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:29:45.147Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51066",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51066"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://www.sysax.com/"
},
{
"name": "VulnCheck Advisory: Sysax Multi Server 6.95 - \u0027Password\u0027 Denial of Service (PoC)",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/sysax-multi-server-password-denial-of-service-poc"
}
],
"title": "Sysax Multi Server 6.95 - \u0027Password\u0027 Denial of Service (PoC)",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-54337",
"datePublished": "2026-01-13T22:52:08.992Z",
"dateReserved": "2026-01-10T01:51:52.983Z",
"dateUpdated": "2026-03-05T01:29:45.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}