Vulnerability Description
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres superuser account. Remote code execution was possible, leading to full access to the postgres user account.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kaseya | Unitrends Backup | >= 10.0, < 10.5.5 |
Related Weaknesses (CWE)
References
- https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961Vendor Advisory
- https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-applianExploitThird Party Advisory
- https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-applianExploitThird Party Advisory
- https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961Vendor Advisory
- https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-applianExploitThird Party Advisory
- https://www.cyberonesecurity.com/blog/exploiting-kaseya-unitrends-backup-applianExploitThird Party Advisory
FAQ
What is CVE-2021-43035?
CVE-2021-43035 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and execute...
How severe is CVE-2021-43035?
CVE-2021-43035 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-43035?
Check the references section above for vendor advisories and patch information. Affected products include: Kaseya Unitrends Backup.