Cybersecurity Alerts

Actively Exploited Vulnerabilities

← Back to Cybersecurity Alerts

CVE-2017-18362

Kaseya | Virtual System/Server Administrator (VSA)Added 2022-05-24Remediation Deadline 2022-06-14Active Ransomware Campaign

Kaseya VSA SQL Injection Vulnerability

ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database.

Required Action

The impacted product is end-of-life and should be disconnected if still in use.

Weakness Classification

CWE-89

References