Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kaseya vsa vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2019-15506
An issue exists in Kaseya Virtual System Administrator (VSA) up to and including 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information....
Kaseya Virtual System Administrator
7.5
CVSSv2
CVE-2017-18362
ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware pay...
Connectwise Manageditsync
1 Article
7.5
CVSSv2
CVE-2018-20753
Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 prior to 9.4.0.36, and R9.5 prior to 9.5.0.5 allows unprivileged remote malicious users to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.
Kaseya Virtual System Administrator
1 Article
6.9
CVSSv2
CVE-2017-12410
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and previous versions tries to execute its binaries from working and/or temporary folders. Successful exploitatio...
Kaseya Virtual System Administrator
4
CVSSv2
CVE-2015-2862
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x prior to 7.0.0.29, 8.x prior to 8.0.0.18, 9.0 prior to 9.0.0.14, and 9.1 prior to 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request.
Kaseya Virtual System Administrator
1 EDB exploit
4.3
CVSSv2
CVE-2015-2863
Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x prior to 7.0.0.29, 8.x prior to 8.0.0.18, 9.0 prior to 9.0.0.14, and 9.1 prior to 9.1.0.4 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecifi...
Kaseya Virtual System Administrator
1 EDB exploit
1.7
CVSSv2
CVE-2014-2926
kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 prior to 6.5.0.17 and 7.0 prior to 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
Kaseya Virtual System Administrator 6.5
Kaseya Virtual System Administrator 7.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2