Directory Traversal Vulnerability in Kaseya Virtual System Administrator
CVE-2015-2862

Currently unrated

Key Information:

Vendor: Kaseya
Status: Virtual System Administrator
Vendor: CVE Published:; 20 July 2015

What is CVE-2015-2862?

The directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) allows remote authenticated users to exploit the system by manipulating HTTP requests. This can result in unauthorized access to arbitrary files on the server, potentially exposing sensitive information that should otherwise be protected. Vulnerable versions of Kaseya VSA include 7.x prior to 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4. Organizations using affected versions are urged to apply the necessary patches to mitigate risks associated with this vulnerability.

References

http://www.kb.cert.org/vuls/id/919604

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 20, 2015
Vulnerability Reserved
Apr 3, 2015