Vulnerabilities > Kaseya > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-06 | CVE-2021-43039 | Unspecified vulnerability in Kaseya Unitrends Backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. | 6.5 |
| 2021-12-06 | CVE-2021-43043 | Unspecified vulnerability in Kaseya Unitrends Backup An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. | 6.5 |
| 2021-07-09 | CVE-2021-30117 | SQL Injection vulnerability in Kaseya VSA The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. | 6.5 |
| 2021-07-09 | CVE-2021-30120 | Incorrect Resource Transfer Between Spheres vulnerability in Kaseya VSA Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. | 5.0 |
| 2021-07-09 | CVE-2021-30121 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Kaseya VSA Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp` A valid sessionId is required but can be easily obtained via CVE-2021-30118 | 4.0 |
| 2021-07-09 | CVE-2021-30201 | XXE vulnerability in Kaseya VSA The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. | 5.0 |
| 2020-02-13 | CVE-2015-6589 | Path Traversal vulnerability in Kaseya Virtual System Administrator Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx. | 6.5 |
| 2018-03-26 | CVE-2017-12410 | Race Condition vulnerability in Kaseya Virtual System Administrator It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. | 6.9 |
| 2015-07-20 | CVE-2015-2863 | Open Redirection vulnerability in Kaseya Virtual System Administrator Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. network kaseya | 4.3 |
| 2015-07-20 | CVE-2015-2862 | Path Traversal vulnerability in Kaseya Virtual System Administrator Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request. | 4.0 |