Vulnerability Details CVE-2019-15506
An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the /DATAREPORTS directory can be farmed for reports. Because this directory contains the results of reports such as NMAP, Patch Status, and Active Directory domain metadata, an attacker can easily collect this critical information and parse it for information. There are a number of directories affected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.8
References
- http://dfdrconsulting.com/2019/cyber-security/cve-2019-15506-kaseya-vsa-critical-information-disclosure-unauthenticated-access/
- http://help.kaseya.com/WebHelp/EN/RN/index.asp#VSAReleaseNotes.htm
- http://dfdrconsulting.com/2019/cyber-security/cve-2019-15506-kaseya-vsa-critical-information-disclosure-unauthenticated-access/
- http://help.kaseya.com/WebHelp/EN/RN/index.asp#VSAReleaseNotes.htm
Products affected by CVE-2019-15506
-
cpe:2.3:a:kaseya:virtual_system_administrator:4.0.1.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:4.0.2.1
-
cpe:2.3:a:kaseya:virtual_system_administrator:4.0.3.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:4.1.1.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:4.2.0.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:4.3.0.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:4.4.1.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:4.5.0.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:4.5.0.1
-
cpe:2.3:a:kaseya:virtual_system_administrator:4.6.1.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:4.6.2.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:4.6.3.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:4.7.0.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:4.8.0.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:5.0.0.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:5.1.0.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.0.0.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.1.0.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.2.0.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.3.0.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.3.1
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.3.2
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.3.4
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.3.5
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.3.6
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.1
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.10
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.11
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.12
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.13
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.14
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.15
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.16
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.17
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.18
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.19
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.2
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.20
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.21
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.22
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.23
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.24
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.25
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.3
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.4
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.5
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.6
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.7
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.8
-
cpe:2.3:a:kaseya:virtual_system_administrator:6.5.0.9
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.1
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.10
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.11
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.12
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.13
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.14
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.15
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.16
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.17
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.18
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.19
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.2
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.20
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.21
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.22
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.23
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.24
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.25
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.26
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.27
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.28
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.29
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.3
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.30
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.31
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.32
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.33
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.34
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.35
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.4
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.5
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.6
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.7
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.8
-
cpe:2.3:a:kaseya:virtual_system_administrator:7.0.0.9
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.1
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.10
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.11
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.12
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.13
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.14
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.15
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.16
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.17
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.18
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.19
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.2
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.20
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.21
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.22
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.23
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.24
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.25
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.26
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.27
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.28
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.3
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.4
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.5
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.6
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.7
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.8
-
cpe:2.3:a:kaseya:virtual_system_administrator:8.0.0.9
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.1
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.10
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.11
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.12
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.13
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.14
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.15
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.16
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.17
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.18
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.19
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.2
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.20
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.21
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.22
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.23
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.24
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.3
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.4
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.5
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.6
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.7
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.8
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.0.9
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.0.4.26
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.1
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.10
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.12
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.13
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.14
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.15
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.16
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.17
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.18
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.19
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.2
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.20
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.3
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.4
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.5
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.6
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.7
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.8
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.1.0.9
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.10
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.11
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.12
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.13
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.14
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.15
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.16
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.17
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.18
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.19
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.20
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.21
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.22
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.23
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.24
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.4
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.5
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.6
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.7
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.8
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.2.0.9
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.10
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.11
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.12
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.13
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.14
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.15
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.16
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.17
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.18
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.19
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.20
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.21
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.22
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.23
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.24
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.25
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.26
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.27
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.28
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.29
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.30
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.31
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.32
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.33
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.34
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.35
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.4
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.5
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.6
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.7
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.8
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.3.0.9
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.10
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.11
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.12
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.13
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.14
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.15
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.16
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.17
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.18
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.19
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.20
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.21
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.22
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.23
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.24
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.25
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.26
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.27
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.28
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.29
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.30
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.31
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.32
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.33
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.34
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.35
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.36
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.37
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.5
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.6
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.7
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.8
-
cpe:2.3:a:kaseya:virtual_system_administrator:9.4.0.9