CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

06 Dec 2021 — An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 • CWE-798: Use of Hard-coded Credentials

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

06 Dec 2021 — An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961

CVSS: 9.8 • EPSS: 4% • CPEs: 1 • EXPL: 2

06 Dec 2021 — An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

06 Dec 2021 — An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access. • https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Sep 2021 — An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin. • https://csirt.divd.nl/csirt-divd-nl/cases/DIVD-2021-00014

CVSS: 9.0 • EPSS: 5% • CPEs: 1 • EXPL: 0

01 Sep 2021 — An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution. • https://csirt.divd.nl/csirt-divd-nl/cases/DIVD-2021-00014

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Jul 2021 — The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed (external) entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description Given the following request: ``` POST /vsaWS/KaseyaWS.asmx HTTP/1.1 Content-Type: text/xml;charset=UTF-8 Host: 192.168.1.194:18081 Content-Length: 406

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Jul 2021 — Semi-authenticated local file inclusion. The contents of arbitrary files can be returned by the webserver. Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp` A valid sessionId is required but can be easily obtained via CVE-2021-30118. • https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure • CWE-829: Inclusion of Functionality from Untrusted Control Sphere

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Jul 2021 — Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication is enforced client-side instead of server-side and can be bypassed using a local proxy, thus rendering 2FA useless. Detailed description: During the login process, after the user authenticates with username and password, the server sends a response to the client with the booleans MFARequired and MFAEnroled. If the attacker has obtained a password of a user and used an intercepting proxy (e.g. • https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure • CWE-669: Incorrect Resource Transfer Between Spheres

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Jul 2021 — Authenticated reflective XSS in HelpDeskTab/rcResults.asp. The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack. Example request: `https://x.x.x.x/HelpDeskTab/rcResults.asp?result=` The same is true for the parameter FileName of /done.asp. Example request: `https://x.x.x.x/done.asp?FileName=";