CVE-2017-18362 - Kaseya VSA SQL Injection Vulnerability
Project:Kaseya
Product:Virtual System/Server Administrator (VSA)
Date Added:2022-05-24Due Date:2022-06-14
Vulnerability Name
Kaseya VSA SQL Injection Vulnerability
Description
ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database.
Known To Be Used in Ransomware Campaigns?
Known
Action
The impacted product is end-of-life and should be disconnected if still in use.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-18362