Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Vsa Security Vulnerabilities

cve
cve

CVE-2019-14510

An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server that hosts the LAN Cache and all clients that are assigned to a LAN Cache. This account is placed i...

6.7CVSS

6.4AI Score

0.001EPSS

2019-10-11 12:15 PM
40
cve
cve

CVE-2021-30117

The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agent: Mozilla/5.0 (Macintosh; In...

9.8CVSS

9.5AI Score

0.859EPSS

2021-07-09 02:15 PM
90
In Wild
5
cve
cve

CVE-2021-30118

An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leadin...

9.8CVSS

8.9AI Score

0.002EPSS

2021-07-09 02:15 PM
177
4
cve
cve

CVE-2021-30119

Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request: https://x.x.x.x/HelpDeskTab/rcResults.asp?result=<script>aler...

5.4CVSS

7AI Score

0.001EPSS

2021-07-09 02:15 PM
107
12
cve
cve

CVE-2021-30120

Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process, after the user authent...

9.9CVSS

8.6AI Score

0.001EPSS

2021-07-09 02:15 PM
85
9
cve
cve

CVE-2021-30121

Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp A valid sessionId is required but can be easily obtained via CVE-2021-30118

6.5CVSS

7.8AI Score

0.002EPSS

2021-07-09 02:15 PM
33
3
cve
cve

CVE-2021-30201

The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed (external) entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description Given the following request: POST /vsaWS/KaseyaWS.asmx HTTP/1.1 Content-Type: te...

7.5CVSS

8.4AI Score

0.002EPSS

2021-07-09 02:15 PM
36
3