Sign in Get started

← All vendors

Vendor

Kaseya

Sign in to watch

Products

2

CVEs

6

Across products

7

Status

Private

Products

2

Virtual System Administrator
4 CVEs
Unitrends Backup
3 CVEs

Recent CVEs

6

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2017-12478	Cri	0.73	9.8	0.82		Aug 7, 2017	It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.
CVE-2017-12477	Cri	0.73	9.8	0.76		Aug 7, 2017	It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system.
CVE-2017-12479	Hig	0.61	8.8	0.13		Aug 7, 2017	It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges.
CVE-2015-2863		0.07	—	0.49		Jul 20, 2015	Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2015-2862		0.03	—	0.03		Jul 20, 2015	Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request.
CVE-2014-2926		0.00	—	0.00		Jul 14, 2014	kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.