Connectwise API Vulnerability

Please read this important information regarding a potential security vulnerability with the Connectwise-developed Plug-in for Kaseya VSA. 

In 2017 Connectwise announced a vulnerability in their Plugin that allows multiple operations to be performed on a Kaseya server without authentication.  Upon discovery of this flaw, Connectwise released an update intended to patch this vulnerability.  

Kaseya has detected that an extremely small number of customers either may not have installed the update from Connectwise or may have installed this update incorrectly.

Update and Remediation

Kaseya takes security very seriously and recommends that all customers using the Connectwise Plugin for VSA upgrade to the newly released version of the Plugin immediately or alternatively remove all versions of this Plugin. 

Connectwise has published their updated Plugin on their website at:

https://marketplace.connectwise.com/kaseya.

Please note, this is a Connectwise product and that they are solely responsible for its proper operation. 

Affected Customers

This only impacts Connectwise users who have the Plugin installed on their on-premises VSA.

If you have any questions on how to determine if you are affected by the Connectwise vulnerability please do not hesitate to contact support at https://helpdesk.kaseya.com.

Was this article helpful?
2 out of 3 found this helpful
Have more questions? Contact us