Kaseya Releases Patches for Vulnerabilities Exploited in Ransomware Attack

Kaseya Patches
Share It On:

13th July 2021, Kathmandu

Patches have been released for vulnerabilities exploited in ransomware attacks by Kaseya. A software patch has been released by software vendor Kaseya located in Florida. Critical vulnerabilities were used to target more than 1500 businesses worldwide as part of a supply-chain ransomware attack. The organization had requested customers to shut down their server until the patch is deployed. The fix has been implemented after 10 days for the three flaws.

CVE-2021-30116 – Credentials leak + business logic flaw

CVE-2021-30119 – Cross-site scripting vulnerability

CVE-2021-30120 – Two-factor authentication bypass

The newer version available is VSA version 9.5.7a (9.5.7.2994)

Dutch Institute for Vulnerability Disclosure had been discovered and ethically reported to Kaseya.

The vulnerabilities included SQL injection, remote code execution, local file inclusion, and XML external entity vulnerability, which has now been fixed.

A mandatory password change has been imposed upon the customers by Kaseya, and services are now being restored (more than 60% have been restored already).

Multiple flaws had been chained for the sophisticated attack.


Share It On:

Recent Posts

NRB’s NPR 6.8 Billion Investment: Strengthening Nepal’s Financial Future and Banking Stability

NRB’s NPR 6.8 Billion Investment: Strengthening Nepal’s Financial Future and

Share It On:23rd November 2024, Kathmandu Nepal’s Central Bank, Nepal Rastra Bank (NRB), has announced a significant investment of NPR

Nepal’s ADB Prioritizes Farmers’ Welfare for Economic Growth and Agricultural Development

Nepal’s ADB Prioritizes Farmers’ Welfare for Economic Growth and Agricultural

Share It On: 23rd November 2024, Kathmandu The Agricultural Development Bank (ADB) is recognized as a vital institution for Nepal’s

Ridi Power’s 23rd AGM Concludes: Key Decisions, Investments, and Future Outlook

Ridi Power’s 23rd AGM Concludes: Key Decisions, Investments, and Future

Share It On: 23rd November 2024, Kathmandu Ridi Power Company Limited wrapped up its annual shareholder meeting, the 23rd Annual

Nepal Oman Financial Ties Strengthen: Omani Rial Now Legal Tender In Nepal

Nepal Oman Financial Ties Strengthen: Omani Rial Now Legal Tender

Share It On: 22nd November 2024, Kathmandu A significant step has been taken towards strengthening financial ties between Nepal and

Liberty Energy Rights Shares Offering: Eligibility, Application Process, and Future Plans

Liberty Energy Rights Shares Offering: Eligibility, Application Process, and Future

Share It On:22nd November 2024, Kathmandu Liberty Energy Company Limited is gearing up to issue rights shares starting December 1,

Asha Laghubitta’s 8th AGM 2024: Key Decisions and Future Plans

Asha Laghubitta’s 8th AGM 2024: Key Decisions and Future Plans

Share It On:22nd November 2024, Kathmandu Asha Laghubitta Bittiya Sanstha is holding its 8th Annual General Meeting (AGM) today, November