Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Kaseya Subscribe
Filtered by product Unitrends Backup

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-43040 1 Kaseya 1 Unitrends Backup 2022-07-12 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation.
CVE-2021-43034 1 Kaseya 1 Unitrends Backup 2022-07-12 4.6 MEDIUM 7.8 HIGH
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation.
CVE-2021-43038 1 Kaseya 1 Unitrends Backup 2022-05-13 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user.
CVE-2021-43041 1 Kaseya 1 Unitrends Backup 2021-12-06 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application.
CVE-2021-43037 1 Kaseya 1 Unitrends Backup 2021-12-06 6.9 MEDIUM 7.8 HIGH
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM.
CVE-2017-12479 1 Kaseya 1 Unitrends Backup 2021-12-06 9.0 HIGH 8.8 HIGH
It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges.