First published: Thu Feb 13 2020(Updated: )
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Kaseya VSA Agent | >=7.0.0.0<7.0.0.33 | |
Kaseya VSA Agent | >=8.0.0.0<8.0.0.23 | |
Kaseya VSA Agent | >=9.0.0.0<9.0.0.19 | |
Kaseya VSA Agent | >=9.1.0.0<9.1.0.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-6589 is classified as a high severity vulnerability due to its potential to allow unauthorized file access and execution.
To fix CVE-2015-6589, upgrade Kaseya Virtual System Administrator to the latest version that addresses this vulnerability.
CVE-2015-6589 affects Kaseya Virtual System Administrator versions prior to 7.0.0.33, 8.0.0.23, 9.0.0.19, and 9.1.0.9.
CVE-2015-6589 is a directory traversal vulnerability that allows remote authenticated users to write and execute arbitrary files.
Not patching CVE-2015-6589 could lead to unauthorized access, data manipulation, and potential system compromise.