CVE-2017-18362 — Actively Exploited: Virtual System/Server Administrator (VSA) (Kaseya)
ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database.
| CVE ID | CVE-2017-18362 |
|---|---|
| Vendor | Kaseya |
| Product | Virtual System/Server Administrator (VSA) |
| Vulnerability name | Kaseya VSA SQL Injection Vulnerability |
| Date added | 2022-05-24 |
| Remediation due | 2022-06-14 |
| Known ransomware use | Known |
| Required action | The impacted product is end-of-life and should be disconnected if still in use. |
| Description | ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →