CVE-2017-18362
Kaseya VSA SQL Injection Vulnerability
CVSS
—
No CVSS
EPSS
86.7%
p100
KEV
YES
May 24, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
86.7%EPSS · 30 days86.7%
2026-06-302026-07-16
Product
Kaseya / Virtual System/Server Administrator (VSA)
Vulnerability
Kaseya VSA SQL Injection Vulnerability
Added to KEV
May 24, 2022
Remediate by
Jun 14, 2022
Known ransomware use
Yes
Summary description
ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database.
Required action
The impacted product is end-of-life and should be disconnected if still in use.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-18362