Vulnerabilities > Kaseya > VSA > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-09 | CVE-2021-30117 | SQL Injection vulnerability in Kaseya VSA The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. | 8.8 |
| 2021-07-09 | CVE-2021-30120 | Incorrect Resource Transfer Between Spheres vulnerability in Kaseya VSA Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. | 7.5 |
| 2021-07-09 | CVE-2021-30201 | XXE vulnerability in Kaseya VSA The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. | 7.5 |