Описание
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия от 7.0.0.0 (включая) до 7.0.0.33 (исключая)Версия от 8.0.0.0 (включая) до 8.0.0.23 (исключая)Версия от 9.0.0.0 (включая) до 9.0.0.19 (исключая)Версия от 9.1.0.0 (включая) до 9.1.0.9 (исключая)
Одно из
cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*
cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*
cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*
cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.13155
Средний
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx.
EPSS
Процентиль: 94%
0.13155
Средний
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-22