Is CVE-2019-15506 actively exploited?

CVE-2019-15506 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2019-15506?

CVE-2019-15506 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

How do I patch CVE-2019-15506?

Patch guidance is available from kaseya security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2019-15506.

Which products are affected by CVE-2019-15506?

1 product: kaseya virtual system administrator.

Fix CVE-2019-15506 - HIGH | CVEDatabase.com

Description

An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the /DATAREPORTS directory can be farmed for reports. Because this directory contains the results of reports such as NMAP, Patch Status, and Active Directory domain metadata, an attacker can easily collect this critical information and parse it for information. There are a number of directories affected.

CVSS Metrics

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Weaknesses: CWE-306 · Missing Authentication

Metadata

Primary Vendor: KASEYA
Published: 8/26/2019
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2019-15506

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary