CVE-2017-18362
Kaseya VSA SQL Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
86.7%
p100
KEV
SÍ
24 may 2022
Exploit Today
80
0-100
Publicado: — · Última mod.: —
86.7%EPSS · 30 días86.7%
2026-06-302026-07-16
Producto
Kaseya / Virtual System/Server Administrator (VSA)
Vulnerabilidad
Kaseya VSA SQL Injection Vulnerability
Añadido a KEV
24 may 2022
Remediar antes de
14 jun 2022
Uso conocido en ransomware
Sí
Descripción resumida
ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database.
Acción requerida
The impacted product is end-of-life and should be disconnected if still in use.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2017-18362