VYPR

Kaseya

by Kaseya

CVEs (4)

  • CVE-2017-18362CriKEVFeb 5, 2019
    risk 0.89cvss 9.8epss 0.87

    ConnectWise ManagedITSync integration through 2017 for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. In February 2019, attackers have actively exploited this in the wild to download and execute ransomware…

  • CVE-2021-30117CriJul 9, 2021
    risk 0.69cvss 9.8epss 0.72

    The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: ``` GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agent:…

  • CVE-2013-10034CriJul 31, 2025
    risk 0.64cvss epss 0.02

    An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Due to the lack of…

  • CVE-2021-30201HigJul 9, 2021
    risk 0.51cvss 7.5epss 0.25

    The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed (external) entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description Given the following request: ``` POST /vsaWS/KaseyaWS.asmx…