CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-30201 – Unauthenticated XML External Entity vulnerability in Kaseya VSA < v9.5.6
https://notcve.org/view.php?id=CVE-2021-30201
09 Jul 2021 — The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed (external) entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description Given the following request: ``` POST /vsaWS/KaseyaWS.asmx HTTP/1.1 Content-Type: text/xml;charset=UTF-8 Host: 192.168.1.194:18081 Content-Length: 406
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-30121 – (Semi-)Authenticated local file inclusion in Kaseya VSA < v9.5.6
https://notcve.org/view.php?id=CVE-2021-30121
09 Jul 2021 — Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp` A valid sessionId is required but can be easily obtained via CVE-2021-30118 Inclusión de archivos locales semiautenticados El contenido de archivos arbitrarios puede ser devuelto por el servidor web Ejemplo de solicitud: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp` Se requiere un ... • https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-30120 – 2FA bypass in Kaseya VSA <= v9.5.6
https://notcve.org/view.php?id=CVE-2021-30120
09 Jul 2021 — Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process, after the user authenticates with username and password, the server sends a response to the client with the booleans MFARequired and MFAEnroled. If the attacker has obtained a password of a user and used an intercepting proxy (e.g. • https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure • CWE-669: Incorrect Resource Transfer Between Spheres •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-30119 – Authenticated Authenticated reflective XSS in Kaseya VSA <= v9.5.6
https://notcve.org/view.php?id=CVE-2021-30119
09 Jul 2021 — Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request: `https://x.x.x.x/HelpDeskTab/rcResults.asp?result=` The same is true for the parameter FileName of /done.asp Eaxmple request: `https://x.x.x.x/done.asp?FileName=";