Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kaseya vsa vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2021-30118
An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbit...
Kaseya Vsa
7.8
CVSSv2
CVE-2019-15506
An issue exists in Kaseya Virtual System Administrator (VSA) up to and including 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information....
Kaseya Virtual System Administrator
7.5
CVSSv2
CVE-2021-30116
Kaseya VSA prior to 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacke...
Kaseya Vsa Agent
Kaseya Vsa Server
3 Github repositories
1 Article
7.5
CVSSv2
CVE-2015-6922
Kaseya Virtual System Administrator (VSA) 7.x prior to 7.0.0.33, 8.x prior to 8.0.0.23, 9.0 prior to 9.0.0.19, and 9.1 prior to 9.1.0.9 does not properly require authentication, which allows remote malicious users to bypass authentication and (1) add an administrative account via...
Kaseya Virtual System Administrator
2 EDB exploits
7.5
CVSSv2
CVE-2017-18362
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware pay...
Connectwise Manageditsync
1 Article
7.5
CVSSv2
CVE-2018-20753
Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 prior to 9.4.0.36, and R9.5 prior to 9.5.0.5 allows unprivileged remote malicious users to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.
Kaseya Virtual System Administrator
1 Article
7.2
CVSSv2
CVE-2019-14510
An issue exists in Kaseya VSA RMM up to and including 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server that hosts the LAN Cache and all clients that are assigned to a LAN Cache. T...
Kaseya Vsa
6.9
CVSSv2
CVE-2017-12410
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and previous versions tries to execute its binaries from working and/or temporary folders. Successful exploitatio...
Kaseya Virtual System Administrator
6.5
CVSSv2
CVE-2021-30117
The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: ``` GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agen...
Kaseya Vsa
6.5
CVSSv2
CVE-2015-6589
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 prior to 7.0.0.33, 8..0.0.0 prior to 8.0.0.23, 9.0.0.0 prior to 9.0.0.19, and 9.1.0.0 prior to 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insuffici...
Kaseya Virtual System Administrator
2 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »