CVE-2015-2863
CVE-2015-2863
Vexday Risk Score
65High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 10.3%KEV nãoPoC públicaNuclei simMetasploit —Patch —
Lifecycle
15 Jul 2015Public PoC
20 Jul 2015Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/37621unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://www.kb.cert.org/vuls/id/919604