CVE-2021-30116

Kaseya | Virtual System/Server Administrator (VSA)Added 2021-11-03Remediation Deadline 2021-11-17Active Ransomware Campaign

Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability

Kaseya Virtual System/Server Administrator (VSA) contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further attacks against the system.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-522

References

https://nvd.nist.gov/vuln/detail/CVE-2021-30116

Cybersecurity Alerts

CVE-2021-30116

Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability

Required Action

Weakness Classification

References