← ExploitWatch
HomeExploited Vulnerabilities

CVE-2017-18362 — Actively Exploited: Virtual System/Server Administrator (VSA) (Kaseya)

ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database.

CVE IDCVE-2017-18362
VendorKaseya
ProductVirtual System/Server Administrator (VSA)
Vulnerability nameKaseya VSA SQL Injection Vulnerability
Date added2022-05-24
Remediation due2022-06-14
Known ransomware useKnown
Required actionThe impacted product is end-of-life and should be disconnected if still in use.
DescriptionConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →