Every CVE whose affected-product data names Kaseya Vsa, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-30120 — CVSS 9.9 (critical): Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement. The need to use 2FA for authentication in enforce client-side…
CVE-2021-30117 — CVSS 9.8 (critical): The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId…
CVE-2021-30118 — CVSS 9.8 (critical): An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM)…
CVE-2021-30201 — CVSS 7.5 (high): The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. When this XML is processed (external) entities are insecurely…
CVE-2019-14510 — CVSS 6.7 (medium): An issue was discovered in Kaseya VSA RMM through 9.5.0.22. When using the default configuration, the LAN Cache feature creates a local…
CVE-2021-30121 — CVSS 6.5 (medium): Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request…
CVE-2021-30119 — CVSS 5.4 (medium): Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the…