Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HKaseya Virtual System Administrator
APPKaseya7.0.0.0 – 7.0.0.33 (bez)8.0.0.0 – 8.0.0.23 (bez)9.0.0.0 – 9.0.0.19 (bez)9.1.0.0 – 9.1.0.9 (bez)
Related vulnerabilities
Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote ...
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9...
An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical infor...
It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition whe...
Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0...