Kaseya Unitrends Backup — known CVE vulnerabilities
Every CVE whose affected-product data names Kaseya Unitrends Backup, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2021-43044 — CVSS 9.8 (critical): An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community.
CVE-2017-12478 — CVSS 9.8 (critical): It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input…
CVE-2018-6328 — CVSS 9.8 (critical): It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could…
CVE-2021-43033 — CVSS 9.8 (critical): An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to…
CVE-2021-43035 — CVSS 9.8 (critical): An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were…
CVE-2021-43036 — CVSS 9.8 (critical): An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak.
CVE-2021-43042 — CVSS 9.8 (critical): An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existed in the vaultServer component. This…
CVE-2017-12477 — CVSS 9.8 (critical): It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue…
CVE-2021-43040 — CVSS 8.8 (high): An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create…
CVE-2017-12479 — CVSS 8.8 (high): It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable…
CVE-2021-43038 — CVSS 8.8 (high): An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into…
CVE-2021-43041 — CVSS 8.8 (high): An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string…
CVE-2021-43037 — CVSS 7.8 (high): An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and…
CVE-2021-43034 — CVSS 7.8 (high): An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary…
CVE-2021-43039 — CVSS 6.5 (medium): An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write…
CVE-2021-43043 — CVSS 6.5 (medium): An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow…