
Response to Security Vulnerability CVE-2015-2862 & CVE-2015-2863

For information on the reported security vulnerabilities, please review: https://www.kb.cert.org/vuls/id/919604

CVE-2015-2862 – Path Traversal

Affected Product:

Kaseya Virtual System Administrator (VSA) On-Premises

*Note: Kaseya VSA SaaS has been patched; no action is required.

Affected Versions:

9.1.0.0 to 9.1.0.3
9.0.0.0 to 9.0.0.13
8.0.0.0 to 8.0.0.17
7.0.0.0 to 7.0.0.28

Description:

Kaseya VSA is an IT management platform with a help desk ticketing system. An authenticated user can send a specially crafted HTTP message to traverse directories and download arbitrary files from the server hosting the VSA software.

Solution:

Apply the patch listed below for the applicable version:

R9.1 – Install patch 9.1.0.4
R9.0 – Install patch 9.0.0.14
R8.0 – Install patch 8.0.0.18
V7.0 – Install patch 7.0.0.29

CVE-2015-2863 – Open Redirect

Affected Product:

Kaseya Virtual System Administrator (VSA) On-Premises

*Note: Kaseya VSA SaaS has been patched; no action is required.

Affected Versions:

9.1.0.0 to 9.1.0.2
9.0.0.0 to 9.0.0.13
8.0.0.0 to 8.0.0.17
7.0.0.0 to 7.0.0.28

Description:

Kaseya Virtual System Administrator (VSA) versions V7.x, R8.x and R9.x contain an open redirect vulnerability. An attacker may be able to leverage users' trust in the domain to induce them to click a link to a Kaseya server with special parameters and then be redirected to a site with malicious content.

Solution:

Apply the patch listed below for the applicable version:

R9.1 – Install patch 9.1.0.3
R9.0 – Install patch 9.0.0.14
R8.0 – Install patch 8.0.0.18
V7.0 – Install patch 7.0.0.29
