CVE-2017-18362: Kaseya VSA SQL Injection Vulnerability. ConnectWise

Kaseya VSA SQL Injection Vulnerability. ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database.

• CISA KEV-listed (remediation due 2022-06-14)
• used in ransomware campaigns
• EPSS 81.1% (99.2% percentile)

Browse the CVE database

Read the full analysis on IntelFusions