Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Kaseya Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-43043 1 Kaseya 1 Unitrends Backup 2022-07-12 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule.
CVE-2021-43039 1 Kaseya 1 Unitrends Backup 2022-07-12 6.4 MEDIUM 6.5 MEDIUM
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access.
CVE-2021-30121 1 Kaseya 1 Vsa 2022-04-29 4.0 MEDIUM 6.5 MEDIUM
Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp` A valid sessionId is required but can be easily obtained via CVE-2021-30118
CVE-2021-30119 1 Kaseya 1 Vsa 2022-04-29 3.5 LOW 5.4 MEDIUM
Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request: `https://x.x.x.x/HelpDeskTab/rcResults.asp?result=<script>alert(document.cookie)</script>` The same is true for the parameter FileName of /done.asp Eaxmple request: `https://x.x.x.x/done.asp?FileName=";</script><script>alert(1);a="&PathData=&originalName=shell.aspx&FileSize=4388&TimeElapsed=00:00:00.078`
CVE-2019-14510 1 Kaseya 1 Vsa 2021-07-21 7.2 HIGH 6.7 MEDIUM
An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local account FSAdminxxxxxxxxx (e.g., FSAdmin123456789) on the server that hosts the LAN Cache and all clients that are assigned to a LAN Cache. This account is placed into the local Administrators group of all clients assigned to the LAN Cache. When the assigned client is a Domain Controller, the FSAdminxxxxxxxxx account is created as a domain account and automatically added as a member of the domain BUILTIN\Administrators group. Using the well known Pass-the-Hash techniques, an attacker can use the same FSAdminxxxxxxxxx hash from any LAN Cache client and pass this to a Domain Controller, providing administrative rights to the attacker on any Domain Controller. (Local account Pass-the-Hash mitigations do not protect domain accounts.)