{"vuid":"VU#919604","idnumber":"919604","name":"Kaseya Virtual System Administrator contains multiple vulnerabilities","keywords":["kaseya","vsa","path traversal","open redirect"],"overview":"Kaseya Virtual System Administrator (VSA), versions R9 and possibly earlier, contains arbitrary file download and open redirect vulnerabilities.","clean_desc":"CWE-22: Improper Limitation of Pathname to a Restricted Directory ('Path Traversal') - CVE-2015-2862\n\nKaseya VSA is an IT management platform with a help desk ticketing system. An authenticated attacker can traverse directories and download arbitrary files by submitting a specially crafted HTTP request to the server hosting the VSA software.\n\nCWE-601: URL Redirection to Untrusted Site ('Open Redirect') - CVE-2015-2863\n\nKaseya VSA, versions V7.x, R8.x and R9.x, contain an open redirect vulnerability. An attacker may be able to leverage users' trust in the domain to induce them to visit a site with malicious content.\n\nThe CVSS score below refers to CVE-2015-2862.","impact":"A remote, authenticated attacker can download arbitrary files.\nA remote, unauthenticated attacker may be able to redirect users to arbitrary web sites.","resolution":"Apply an update\n\nThe vendor has released the following patches to address these issues:\n\nR9.1: install patch 9.1.0.4\nR9.0: install patch 9.0.0.14\nR8.0: install patch 8.0.0.18\nV7.0: install patch 7.0.0.29","workarounds":"","sysaffected":"","thanks":"Thanks to Pedro Ribeiro (pedrib@gmail.com) of Agile Information Security for reporting these vulnerabilities.","author":"This document was written by Joel Land.","public":["http://www.kaseya.com/solutions/virtual-administrator","http://cwe.mitre.org/data/definitions/22.html","http://cwe.mitre.org/data/definitions/601.html"],"cveids":["CVE-2015-2862","CVE-2015-2863"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-04-27T13:08:39Z","publicdate":"2015-07-13T00:00:00Z","datefirstpublished":"2015-07-13T17:05:23Z","dateupdated":"2015-07-13T17:05:23Z","revision":13,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"P","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"N","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"4.3","cvss_basevector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","cvss_temporalscore":"3.4","cvss_environmentalscore":"2.52290112102","cvss_environmentalvector":"CDP:N/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}