Vulnerabilities > Kaseya > High

DATE CVE VULNERABILITY TITLE RISK
2021-12-06 CVE-2021-43034 Incorrect Permission Assignment for Critical Resource vulnerability in Kaseya Unitrends Backup
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5.
local
low complexity
kaseya CWE-732
7.8
7.8
2021-12-06 CVE-2021-43037 Uncontrolled Search Path Element vulnerability in Kaseya Unitrends Backup
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5.
local
low complexity
kaseya CWE-427
7.8
7.8
2021-12-06 CVE-2021-43038 Injection vulnerability in Kaseya Unitrends Backup
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5.
network
low complexity
kaseya CWE-74
8.8
8.8
2021-12-06 CVE-2021-43040 Unspecified vulnerability in Kaseya Unitrends Backup
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5.
network
low complexity
kaseya
8.8
8.8
2021-12-06 CVE-2021-43041 Use of Externally-Controlled Format String vulnerability in Kaseya Unitrends Backup
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5.
network
low complexity
kaseya CWE-134
8.8
8.8
2021-09-01 CVE-2021-40385 Unspecified vulnerability in Kaseya Unitrends Backup Software
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2.
network
low complexity
kaseya
8.8
8.8
2021-09-01 CVE-2021-40387 Unspecified vulnerability in Kaseya Unitrends Backup Software
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2.
network
low complexity
kaseya
8.8
8.8
2021-07-09 CVE-2021-30117 SQL Injection vulnerability in Kaseya VSA
The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId.
network
low complexity
kaseya CWE-89
8.8
8.8
2021-07-09 CVE-2021-30120 Incorrect Resource Transfer Between Spheres vulnerability in Kaseya VSA
Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement.
network
low complexity
kaseya CWE-669
7.5
7.5
2021-07-09 CVE-2021-30201 XXE vulnerability in Kaseya VSA
The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system.
network
low complexity
kaseya CWE-611
7.5
7.5