VYPR

Virtual System Administrator

by Kaseya

CVEs (7)

  • CVE-2017-12410HigMar 26, 2018
    risk 0.48cvss 7.4epss 0.00

    It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in…

  • CVE-2015-2863Jul 20, 2015
    risk 0.04cvss epss 0.10

    Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2015-2862Jul 20, 2015
    risk 0.04cvss epss 0.09

    Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request.

  • CVE-2015-6922Feb 17, 2020
    risk 0.02cvss epss 0.82

    Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted…

  • CVE-2015-6589Feb 13, 2020
    risk 0.00cvss epss 0.14

    Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient…

  • CVE-2019-15506Aug 26, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information.…

  • CVE-2014-2926Jul 14, 2014
    risk 0.00cvss epss 0.00

    kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.

VYPR — Vulnerability Intelligence