CVE-2021-30116 - Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability
Project:Kaseya
Product:Virtual System/Server Administrator (VSA)
Date Added:2021-11-03Due Date:2021-11-17
Vulnerability Name
Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability
Description
Kaseya Virtual System/Server Administrator (VSA) contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further attacks against the system.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-30116