Product
kaseya unitrends backup
19 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2021-40386
CVE-2021-43044
CVE-2021-43043
CVE-2021-43042
CVE-2021-43041
CVE-2021-43040
CVE-2021-43039
CVE-2021-43038
CVE-2021-43037
CVE-2021-43036
CVE-2021-43035
CVE-2021-43034
CVE-2021-43033
CVE-2020-8427
CVE-2018-6329
CVE-2018-6328
CVE-2017-12479
CVE-2017-12478
CVE-2017-12477
<= 10.5.5
Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers to execute arbitrary code.
>= 10.0 and < 10.5.5
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default com
>= 10.0 and < 10.5.5
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /et
>= 10.0 and < 10.5.5
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existed in the vaultServer component
>= 10.0 and < 10.5.5
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vu
>= 10.0 and < 10.5.5
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to creat
>= 10.0 and < 10.5.5
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/
>= 10.0 and < 10.5.5
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting
>= 10.0 and < 10.5.5
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL inje
>= 10.0 and < 10.5.5
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak
>= 10.0 and < 10.5.5
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were
>= 10.0 and < 10.5.5
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute a
>= 10.0 and < 10.5.5
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulner
< 10.4.1
In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing for SQL injection that resulted
< 10.1.10
It was discovered that the Unitrends Backup (UB) before 10.1.0 libbpext.so authentication could be bypassed with a SQL injection,
< 10.1
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an authentication bypass, which then
<= 9.1
It was discovered that an issue in the session logic in Unitrends Backup (UB) before 10.0.0 allowed using the LOGDIR environment v
< 10.0
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input
< 10.0
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0, as invoked through xinetd, has a