Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unitrends backup vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2021-43037
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM.
Kaseya Unitrends Backup
6.5
CVSSv3
CVE-2021-43039
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The Samba file sharing service allowed anonymous read/write access.
Kaseya Unitrends Backup
8.8
CVSSv3
CVE-2021-43040
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation.
Kaseya Unitrends Backup
9.8
CVSSv3
CVE-2021-43042
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. A buffer overflow existed in the vaultServer component. This was exploitable by a remote unauthenticated attacker.
Kaseya Unitrends Backup
9.8
CVSSv3
CVE-2021-43044
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The SNMP daemon was configured with a weak default community.
Kaseya Unitrends Backup
8.8
CVSSv3
CVE-2017-12479
It exists that an issue in the session logic in Unitrends Backup (UB) prior to 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could t...
Kaseya Unitrends Backup
1 EDB exploit
7.8
CVSSv3
CVE-2021-43034
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation.
Kaseya Unitrends Backup
8.8
CVSSv3
CVE-2021-43038
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user.
Kaseya Unitrends Backup
8.8
CVSSv3
CVE-2021-43041
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application.
Kaseya Unitrends Backup
6.5
CVSSv3
CVE-2021-43043
An issue exists in Kaseya Unitrends Backup Appliance prior to 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule.
Kaseya Unitrends Backup
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »