Kaseya: >> Unitrends Backup >> 10.0 Security Vulnerabilities
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existed in the vaultServer component. This was exploitable by a remote unauthenticated attacker.
CVSS Score
9.8
EPSS Score
0.028
Published
2021-12-06
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule.
CVSS Score
6.5
EPSS Score
0.005
Published
2021-12-06
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-12-06
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes.
CVSS Score
9.8
EPSS Score
0.676
Published
2018-03-14
Page 2