2 matches found
CVE-2021-30201
The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed external entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description Given the following request: POST /vsaWS/KaseyaWS.asmx HTTP/1.1 Content-Type:...
CVE-2021-30201
CVE-2021-30201 affects Kaseya VSA (on‑premises/server side) where the API /vsaWS/KaseyaWS.asmx processes XML with external entities. The vulnerability arises from insecure handling of XML external entities, allowing an attacker to cause the server to read local files (e.g., c:\kaseya\kserver\kser...