Unrated severityNVD Advisory· Published Jul 9, 2021· Updated Aug 3, 2024
(Semi-)Authenticated local file inclusion in Kaseya VSA < v9.5.6
CVE-2021-30121
Description
Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp A valid sessionId is required but can be easily obtained via CVE-2021-30118
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Kaseya/VSAdescription
Patches
Vulnerability mechanics
References
3- csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/mitrex_refsource_CONFIRM
- csirt.divd.nl/CVE-2021-30121mitrex_refsource_CONFIRM
- csirt.divd.nl/DIVD-2021-00011mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.