CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-30121

Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp` A valid sessionId is required but can be easily obtained via CVE-2021-30118

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.8%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/
https://csirt.divd.nl/CVE-2021-30121
https://csirt.divd.nl/DIVD-2021-00011
https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/
https://csirt.divd.nl/CVE-2021-30121
https://csirt.divd.nl/DIVD-2021-00011

Products affected by CVE-2021-30121

Kaseya » Vsa » Version: N/A

cpe:2.3:a:kaseya:vsa:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-30121

Products

Pricing

Contact Us