CVE-2021-30121
MEDIUMSemi-authenticated local file inclusion - Path Traversal
Title source: llmDescription
Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp` A valid sessionId is required but can be easily obtained via CVE-2021-30118
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_confirm
https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/
Patch, Third Party Advisory x_refsource_confirm
https://csirt.divd.nl/DIVD-2021-00011
Exploit, Third Party Advisory x_refsource_confirm
https://csirt.divd.nl/CVE-2021-30121
Scores
CVSS v3
6.5
EPSS
0.0483
EPSS Percentile
90.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-829
Status
published
Products (1)
kaseya/vsa
< 9.5.6
Published
Jul 09, 2021
Tracked Since
Feb 18, 2026