kaseya 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk xxe and vendor risk file inclusion などに関し、一部は vendor impact memory corruption を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2021-40386 | Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code. | [email protected] | 9.8 | 2.51% | 2022-04-15 | 2024-11-21 |
| CVE-2021-43044 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community. | [email protected] | 9.8 | 0.61% | 2021-12-06 | 2024-11-21 |
| CVE-2021-43043 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule. | [email protected] | 6.5 | 0.39% | 2021-12-06 | 2024-11-21 |
| CVE-2021-43042 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existed in the vaultServer component. This was exploitable by a remote unauthenticated attacker. | [email protected] | 9.8 | 3.28% | 2021-12-06 | 2024-11-21 |
| CVE-2021-43041 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application. | [email protected] | 8.8 | 1.42% | 2021-12-06 | 2024-11-21 |
| CVE-2021-43040 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation. | [email protected] | 8.8 | 0.74% | 2021-12-06 | 2024-11-21 |
| CVE-2021-43039 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access. | [email protected] | 6.5 | 0.29% | 2021-12-06 | 2024-11-21 |
| CVE-2021-43038 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest user to the postgres user. | [email protected] | 8.8 | 2.26% | 2021-12-06 | 2024-11-21 |
| CVE-2021-43037 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM. | [email protected] | 7.8 | 0.12% | 2021-12-06 | 2024-11-21 |
| CVE-2021-43036 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak. | [email protected] | 9.8 | 0.61% | 2021-12-06 | 2024-11-21 |
| CVE-2021-43035 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account. | [email protected] | 9.8 | 4.05% | 2021-12-06 | 2024-11-21 |
| CVE-2021-43034 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation. | [email protected] | 7.8 | 0.10% | 2021-12-06 | 2024-11-21 |
| CVE-2021-43033 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused by untrusted input (received by the server) being passed to system calls. | [email protected] | 9.8 | 10.96% | 2021-12-06 | 2024-11-21 |
| CVE-2021-40387 | An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is authenticated remote code execution. | [email protected] | 8.8 | 5.70% | 2021-09-01 | 2024-11-21 |
| CVE-2021-40385 | An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin. | [email protected] | 8.8 | 0.43% | 2021-09-01 | 2024-11-21 |
| CVE-2021-30201 | The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed (external) entities are insecurely processed and fetched by the system and returned to the attacker. Detailed description Given the following request: ``` POST /vsaWS/KaseyaWS.asmx HTTP/1.1 Content-Type: text/xml;charset=UTF-8 Host: 192.168.1.194:18081 Content-Length: 406 <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:kas="KaseyaWS"> <soapenv:Header/> <soapenv:Body> | [email protected] | 7.5 | 0.33% | 2021-07-09 | 2024-11-21 |
| CVE-2021-30121 | Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp` A valid sessionId is required but can be easily obtained via CVE-2021-30118 | [email protected] | 6.5 | 0.37% | 2021-07-09 | 2024-11-21 |
| CVE-2021-30120 | Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side instead of server-side and can be bypassed using a local proxy. Thus rendering 2FA useless. Detailed description --- During the login process, after the user authenticates with username and password, the server sends a response to the client with the booleans MFARequired and MFAEnroled. If the attacker has obtained a password of a user and used an intercepting pro | [email protected] | 9.9 | 0.41% | 2021-07-09 | 2024-11-21 |
| CVE-2021-30119 | Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request: `https://x.x.x.x/HelpDeskTab/rcResults.asp?result=<script>alert(document.cookie)</script>` The same is true for the parameter FileName of /done.asp Eaxmple request: `https://x.x.x.x/done.asp?FileName=";</script><script>alert(1);a="&PathData=&originalName=shell.aspx&Fi | [email protected] | 5.4 | 0.19% | 2021-07-09 | 2024-11-21 |
| CVE-2021-30118 | An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leading to RCE. An attacker can upload files with the privilege of the Web Server process and subsequently use these files to execute asp commands. Detailed description --- Given the following request: ``` P | [email protected] | 9.8 | 58.63% | 2021-07-09 | 2024-11-21 |