Note: This project will be discontinued after December 13, 2021.
Product: Unitrends_backup (Kaseya)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 17 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-12-06 | CVE-2021-43043 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule. | Unitrends_backup | 6.5 | ||
2021-12-06 | CVE-2021-43044 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community. | Unitrends_backup | 9.8 | ||
2022-04-15 | CVE-2021-40386 | Kaseya Unitrends Client/Agent through 10.5.5 allows remote attackers to execute arbitrary code. | Unitrends_backup | 9.8 | ||
2017-08-07 | CVE-2017-12477 | It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. | Unitrends_backup | 9.8 | ||
2017-08-07 | CVE-2017-12478 | It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. | Unitrends_backup | 9.8 | ||
2017-08-07 | CVE-2017-12479 | It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment variable during a web session to elevate an existing low-privilege user to root privileges. A remote attacker with existing low-privilege credentials could then execute arbitrary commands with root privileges. | Unitrends_backup | 8.8 | ||
2018-03-14 | CVE-2018-6328 | It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then could allow an unauthenticated user to inject arbitrary commands into its /api/hosts parameters using backquotes. | Unitrends_backup | 9.8 |