Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kaseya vsa vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-30201
The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed (external) entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description Given the following request: ``` POST /vsaWS/KaseyaWS.asmx HT...
Kaseya Vsa
5
CVSSv2
CVE-2021-30120
Kaseya VSA prior to 9.5.7 allows malicious users to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login proc...
Kaseya Vsa
4.3
CVSSv2
CVE-2015-2863
Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x prior to 7.0.0.29, 8.x prior to 8.0.0.18, 9.0 prior to 9.0.0.14, and 9.1 prior to 9.1.0.4 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via unspecifi...
Kaseya Virtual System Administrator
1 EDB exploit
4
CVSSv2
CVE-2021-30121
Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp` A valid sessionId is required but can be easily obtained via CVE-2021-30118
Kaseya Vsa
4
CVSSv2
CVE-2015-2862
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x prior to 7.0.0.29, 8.x prior to 8.0.0.18, 9.0 prior to 9.0.0.14, and 9.1 prior to 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request.
Kaseya Virtual System Administrator
1 EDB exploit
3.5
CVSSv2
CVE-2021-30119
Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request: `https://x.x.x.x/HelpDeskTab/rcResults.asp?resul...
Kaseya Vsa
1.7
CVSSv2
CVE-2014-2926
kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 prior to 6.5.0.17 and 7.0 prior to 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
Kaseya Virtual System Administrator 6.5
Kaseya Virtual System Administrator 7.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2