MEDIUM🇬🇧 English

CVE-2021-30121

CVSS 6.5v3.1pub. 2021-07-09upd. 2024-11-21

Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp` A valid sessionId is required but can be easily obtained via CVE-2021-30118

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • Kaseya Vsa

    APP
    Kaseya
    < 9.5.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-30117CRITICAL9.8ten sam produkt

The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injectio...

CVE-2021-30118CRITICAL9.8ten sam produkt

An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monito...

CVE-2021-30120CRITICAL9.9ten sam produkt

Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication...

CVE-2021-30201HIGH7.5ten sam produkt

The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed (external) en...

CVE-2021-30119MEDIUM5.4ten sam produkt

Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp i...

CVE-2021-30121 — MEDIUM 6.5 | CVEbaza.pl