Vsa Security Vulnerabilities and Issues — Vsa CVE List

Lucene search

KaseyaVsa

7 matches found

CVE•added 2021/07/09 2:15 p.m.•235 views

CVE-2021-30117

The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agent: Mozilla/5.0 (Macintosh; In...

9.8CVSS9.6AI score0.17351EPSS

CVE•added 2021/07/09 2:15 p.m.•202 views

CVE-2021-30118

An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leadin...

10CVSS8.9AI score0.01029EPSS

CVE•added 2021/07/09 2:15 p.m.•137 views

CVE-2021-30119

Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request: https://x.x.x.x/HelpDeskTab/rcResults.asp?result= The same is true ...

5.4CVSS7.2AI score0.00104EPSS

CVE•added 2021/07/09 2:15 p.m.•119 views

CVE-2021-30120

Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process, after the user authent...

9.9CVSS8.7AI score0.00162EPSS

CVE•added 2021/07/09 2:15 p.m.•54 views

CVE-2021-30201

The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed (external) entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description Given the following request: POST /vsaWS/KaseyaWS.asmx HTTP/1.1 Content-Type: te...

7.5CVSS7.5AI score0.00329EPSS

CVE•added 2019/10/11 12:15 p.m.•52 views

CVE-2019-14510

An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server that hosts the LAN Cache and all clients that are assigned to a LAN Cache. This account is placed i...

7.2CVSS6.4AI score0.00088EPSS

CVE•added 2021/07/09 2:15 p.m.•51 views

CVE-2021-30121

Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp A valid sessionId is required but can be easily obtained via CVE-2021-30118

6.5CVSS7.9AI score0.01029EPSS