Vulnerabilities > Kaseya > Virtual System Administrator > 7.0.0.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-17 | CVE-2015-6922 | Improper Authentication vulnerability in Kaseya Virtual System Administrator Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx. | 7.5 |
2020-02-13 | CVE-2015-6589 | Path Traversal vulnerability in Kaseya Virtual System Administrator Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx. | 6.5 |
2019-08-26 | CVE-2019-15506 | Information Exposure vulnerability in Kaseya Virtual System Administrator An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. | 7.8 |
2018-03-26 | CVE-2017-12410 | Race Condition vulnerability in Kaseya Virtual System Administrator It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. | 6.9 |
2015-07-20 | CVE-2015-2863 | Open Redirection vulnerability in Kaseya Virtual System Administrator Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. network kaseya | 4.3 |
2015-07-20 | CVE-2015-2862 | Path Traversal vulnerability in Kaseya Virtual System Administrator Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request. | 4.0 |