Kaseya vulnerabilities rated Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor / CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|
| 2021-12-06 | CVE-2021-43044 | Use of Hard-coded Credentials vulnerability in Kaseya Unitrends Backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. | network | low complexity | kaseya CWE-798 | critical | 9.8 |
| 2021-12-06 | CVE-2021-43042 | Classic Buffer Overflow vulnerability in Kaseya Unitrends Backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. | network | low complexity | kaseya CWE-120 | critical | 9.8 |
| 2021-12-06 | CVE-2021-43036 | Weak Password Requirements vulnerability in Kaseya Unitrends Backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. | network | low complexity | kaseya CWE-521 | critical | 9.8 |
| 2021-12-06 | CVE-2021-43035 | SQL Injection vulnerability in Kaseya Unitrends Backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. | network | low complexity | kaseya CWE-89 | critical | 9.8 |
| 2021-12-06 | CVE-2021-43033 | OS Command Injection vulnerability in Kaseya Unitrends Backup | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. | network | low complexity | kaseya CWE-78 | critical | 9.8 |
| 2021-09-01 | CVE-2021-40387 | Unspecified vulnerability in Kaseya Unitrends Backup Software | An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. | network | low complexity | kaseya | critical | 9.0 |
| 2021-09-01 | CVE-2021-40385 | Unspecified vulnerability in Kaseya Unitrends Backup Software | An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. | network | low complexity | kaseya | critical | 9.0 |
| 2021-07-09 | CVE-2021-30118 | Unrestricted Upload of File with Dangerous Type vulnerability in Kaseya VSA | An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute ASP commands. The API /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leading to RCE. | network | low complexity | kaseya CWE-434 | critical | 10.0 |
| 2021-07-09 | CVE-2021-30116 | Insufficiently Protected Credentials vulnerability in Kaseya VSA Agent and VSA Server | Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. | network | low complexity | kaseya CWE-522 | critical | 9.8 |
| 2017-08-07 | CVE-2017-12477 | Improper Authentication vulnerability in Kaseya Unitrends Backup | It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. | network | low complexity | kaseya CWE-287 | critical | 10.0 |