CVE-2019-15506
 
Descriptions
An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the /DATAREPORTS directory can be farmed for reports. Because this directory contains the results of reports such as NMAP, Patch Status, and Active Directory domain metadata, an attacker can easily collect this critical information and parse it for information. There are a number of directories affected.
SSVC
- Decision:-
Timeline
- 2019-08-23 CVE Reserved
- 2019-08-26 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-306: Missing Authentication for Critical Function
References (2)
URL | Tag | Source |
---|---|---|
http://dfdrconsulting.com/2019/cyber-security/cve-2019-15506-kaseya-vsa-critical-information-disclosure-unauthenticated-access | Third Party Advisory |
URL | Date | SRC |
---|---|---|
http://help.kaseya.com/WebHelp/EN/RN/index.asp#VSAReleaseNotes.htm | 2021-07-21 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Kaseya | Virtual System Administrator | <= 9.4.0.37 | - | Affected |