Virtual System Administrator Security Vulnerabilities and Issues — Virtual System Administrator CVE List

Lucene search

KaseyaVirtual System Administrator

8 matches found

CVE•added 2019/02/05 6:29 a.m.•935 views

CVE-2018-20753

Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.

9.8CVSS9.5AI score0.37234EPSS

CVE•added 2018/03/26 9:29 p.m.•87 views

CVE-2017-12410

It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of arb...

7.4CVSS7.5AI score0.0004EPSS

CVE•added 2015/07/20 11:59 p.m.•67 views

CVE-2015-2863

Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

4.3CVSS6.7AI score0.49733EPSS

CVE•added 2020/02/13 9:15 p.m.•67 views

CVE-2015-6589

Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file pa...

8.8CVSS9AI score0.14933EPSS

CVE•added 2015/07/20 11:59 p.m.•57 views

CVE-2015-2862

Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request.

4CVSS8.6AI score0.03925EPSS

CVE•added 2019/08/26 12:15 p.m.•39 views

CVE-2019-15506

An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the /DATA...

7.8CVSS7.3AI score0.0056EPSS

CVE•added 2020/02/17 6:15 p.m.•38 views

CVE-2015-6922

Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/set...

9.8CVSS9.6AI score0.76716EPSS

CVE•added 2014/07/14 9:55 p.m.•33 views

CVE-2014-2926

kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.

1.7CVSS6.4AI score0.00051EPSS