Kaseya VSA
7 CVEs affecting Kaseya VSA. Latest disclosed: 2021-07-09. Critical: 3, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-30120 | Critical | 9.9 | 2021-07-09 | Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication is enforced client-side instead of server-side an… |
| CVE-2021-30118 | Critical | 9.8 | 2021-07-09 | An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequent… |
| CVE-2021-30117 | Critical | 9.8 | 2021-07-09 | The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description -… |
| CVE-2021-30201 | High | 7.5 | 2021-07-09 | The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed (external) entities are insecurely processed and fetched by th… |
| CVE-2019-14510 | Medium | 6.7 | 2019-10-11 | An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxx… |
| CVE-2021-30121 | Medium | 6.5 | 2021-07-09 | Semi-authenticated local file inclusion. The contents of arbitrary files can be returned by the webserver. Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/`… |
| CVE-2021-30119 | Medium | 5.4 | 2021-07-09 | Authenticated reflective XSS in HelpDeskTab/rcResults.asp. The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page a… |