Vulnerabilities > Kaseya

DATE CVE VULNERABILITY TITLE RISK
2021-09-01 CVE-2021-40385 Improper Privilege Management vulnerability in Kaseya Unitrends Backup Software
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2.
Risk: network, low complexity, kaseya, CWE-269, critical, 9.0

2021-09-01 CVE-2021-40387 Unspecified vulnerability in Kaseya Unitrends Backup Software
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2.
Risk: network, low complexity, kaseya, critical, 9.0

2021-07-09 CVE-2021-30116 Insufficiently Protected Credentials vulnerability in Kaseya VSA
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021.
Risk: network, low complexity, kaseya, CWE-522, 7.5

2021-07-09 CVE-2021-30117 SQL Injection vulnerability in Kaseya VSA
SQL injection exists in Kaseya VSA before 9.5.6.
Risk: network, low complexity, kaseya, CWE-89, 6.5

2021-07-09 CVE-2021-30118 Unspecified vulnerability in Kaseya VSA
Kaseya VSA before 9.5.5 allows remote code execution.
Risk: network, low complexity, kaseya, 7.5

2021-07-09 CVE-2021-30119 Cross-site Scripting vulnerability in Kaseya VSA
Cross Site Scripting (XSS) exists in Kaseya VSA before 9.5.7.
Risk: network, kaseya, CWE-79, 3.5

2021-07-09 CVE-2021-30120 Incorrect Authorization vulnerability in Kaseya VSA
Kaseya VSA through 9.5.7 allows attackers to bypass the 2FA requirement.
Risk: network, low complexity, kaseya, CWE-863, 5.0

2021-07-09 CVE-2021-30121 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Kaseya VSA
Local file inclusion exists in Kaseya VSA before 9.5.6.
Risk: network, low complexity, kaseya, CWE-829, 6.5

2021-07-09 CVE-2021-30201 XXE vulnerability in Kaseya VSA
An XML External Entity (XXE) issue exists in Kaseya VSA before 9.5.6.
Risk: network, low complexity, kaseya, CWE-611, 6.5

2020-02-17 CVE-2015-6922 Improper Authentication vulnerability in Kaseya Virtual System Administrator
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx.
Risk: network, low complexity, kaseya, CWE-287, 7.5