What is CVE-2021-30201?

CVE-2021-30201 is a high-severity vulnerability in Kaseya Vsa, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 7.5/10. Published 2021-07-09.

How severe is CVE-2021-30201?

High severity. CVSS v3 base score is 7.5 out of 10.

XXE in Kaseya Vsa

CVE-2021-30201

The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed (external) entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description Given the following…

Vulnerability class: XXE (XML External Entity)

EPSS: 0.253 (97.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Kaseya Vsa
N/a — versions n/a

Weakness classification (CWE)

CWE-611 — Improper Restriction of XML External Entity Reference (XXE)

References

cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Release Notes, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory)
cve@mitre.org (x_refsource_CONFIRM, Exploit, Third Party Advisory)

Frequently asked questions

What is CVE-2021-30201?: CVE-2021-30201 is a high-severity vulnerability in Kaseya Vsa, classified under Improper Restriction of XML External Entity Reference (XXE). CVSS score: 7.5/10. Published 2021-07-09.
How severe is CVE-2021-30201?: High severity. CVSS v3 base score is 7.5 out of 10.