CVE-2021-30119
Published 2021-07-09
CVE-2021-30119: Authenticated reflective XSS in HelpDeskTab/rcResults.asp. The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page…
Priority: P181 · medium · 5.4 · CVSS 3.1
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
ITW · VulnCheck KEV · Ransomware
Exploited in the wild
EPSS: 59.63% (99.0th percentile)
Authenticated reflective XSS in HelpDeskTab/rcResults.asp.
The parameter `result` of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack. Example request: `https://x.x.x.x/HelpDeskTab/rcResults.asp?result=alert(document.cookie)`
The same is true for the parameter `FileName` of /done.asp. Example request: `https://x.x.x.x/done.asp?FileName=";alert(1);a="&PathData=&originalName=shell.aspx&FileSize=4388&TimeElapsed=00:00:00.078`
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kaseya | vsa | < 9.5.7 | 9.5.7 |
Detection & IOCs
url: `/done.asp?FileName=";alert(1);a="&PathData=&originalName=shell.aspx&FileSize=4388&TimeElapsed=00:00:00.078`
- Monitor HTTP requests to /HelpDeskTab/rcResults.asp for script injection payloads in the 'result' query parameter
- Monitor HTTP requests to /done.asp for script injection payloads in the 'FileName' query parameter
- CVE-2021-30119 was exploited by REvil ransomware group in July 2021 as part of a supply-chain attack on managed service providers, alongside CVE-2021-30116 and CVE-2021-30120; treat exploitation as indicative of broader REvil intrusion activity
- Exploitation requires authentication; the XSS is reflected and authenticated, limiting unauthenticated attack surface but still relevant in post-auth compromise chains (e.g., session hijacking via document.cookie)
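The two monitoring items above, applied to web server logs, as an added example that is not part of the original page or its sources. It assumes IIS W3C logs with a `#Fields:` header that includes `cs-uri-stem` and `cs-uri-query`; the marker regex is a heuristic chosen for this example and the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl

# Endpoint (lower-cased; IIS paths are case-insensitive) -> parameter named on the page.
WATCHED = {"/helpdesktab/rcresults.asp": "result", "/done.asp": "filename"}

# Heuristic markers (an assumption of this example) of script in a plain-text value.
SUSPICIOUS = re.compile(
    r"""[<>"']                # markup or string-breaking characters
      | [A-Za-z_$][\w$.]*\(   # function-call syntax such as name(
      | document\.            # DOM access
      | javascript:           # script URL scheme
    """,
    re.IGNORECASE | re.VERBOSE,
)

# Constructed sample log: two benign requests and the two request shapes from the advisory.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2021-07-02 14:01:10 GET /HelpDeskTab/rcResults.asp result=Session+closed tech1 198.51.100.7 200
2021-07-02 14:03:42 GET /HelpDeskTab/rcResults.asp result=alert(document.cookie) tech1 198.51.100.7 200
2021-07-02 14:05:09 GET /done.asp FileName=%22;alert(1);a=%22&PathData=&originalName=shell.aspx&FileSize=4388&TimeElapsed=00:00:00.078 tech1 198.51.100.7 200
2021-07-02 14:06:30 GET /done.asp FileName=report.pdf&PathData=&originalName=report.pdf&FileSize=1024&TimeElapsed=00:00:00.050 tech2 203.0.113.9 200
""".splitlines()


def scan_iis_log(lines):
    """Return (line_no, path, param, decoded_value) for each suspicious request."""
    fields, hits = [], []
    for line_no, line in enumerate(lines, 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column layout for the rows that follow
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        param = WATCHED.get(row.get("cs-uri-stem", "").lower())
        query = row.get("cs-uri-query", "-")
        if param is None or query == "-":
            continue
        # parse_qsl URL-decodes, so %22 and %3C are matched as " and <.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == param and SUSPICIOUS.search(value):
                hits.append((line_no, row["cs-uri-stem"], name, value))
    return hits


if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG):
        print(hit)
```

Because exploitation requires authentication, the `cs-username` and `c-ip` columns of a flagged row identify the session to review.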
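CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| vulncheck | | 5.4 | MEDIUM | |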
GHSA
GHSA-f43v-wh9x-rgq6: Cross Site Scripting (XSS) exists in Kaseya VSA before 9
ghsa_unreviewed·2022-05-24
CVE-2021-30119 [MEDIUM] CWE-79 GHSA-f43v-wh9x-rgq6: Cross Site Scripting (XSS) exists in Kaseya VSA before 9
Cross Site Scripting (XSS) exists in Kaseya VSA before 9.5.7.
VulnCheck
Kaseya vsa Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck·2021·CVSS 5.4
CVE-2021-30119 [MEDIUM] Kaseya vsa Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected: Kaseya vsa
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Ca
No detection rules found.
No public exploits indexed.
Trendmicro
Leveraging Data Science to Minimize the Blast Radius of Ransomware Attacks
blogs_trendmicro·2023-03-02
# Leveraging Data Science to Minimize the Blast Radius of Ransomware Attacks
In this blog entry, we present a case study that illustrates how data-science techniques can be used to gain valuable insights about ransomware groups' targeting patterns as detailed in our research paper, “What Decision-Makers Need to Know About Ransomware Risk.”
By: Vladimir Kropotov, Robert McArdle, Fyodor Yarochkin, Shingo Matsugaya
2023/03/02
In partnership with: Erin Burns, Eireann Leverett of Waratah Analytics
As ransomware groups continue to build on their arsenal of tactics, techniques, and procedures (TTPs), it's essential for cybersecurity professionals to assess the levels of risk to their organizations using multiple sources of information for a comp
Sentinelone
REvil
blogs_sentinelone·2022-11-30
Tenable
Behind the Scenes: How We Picked 2021’s Top Vulnerabilities – and What We Left Out
blogs_tenable·2022-03-11
Tenable
CVE-2021-30116: Multiple Zero-Day Vulnerabilities in Kaseya VSA Exploited to Distribute REvil Ransomware
blogs_tenable·2021-07-06·CVSS 10.0
[CRITICAL] CVE-2021-30116: Multiple Zero-Day Vulnerabilities in Kaseya VSA Exploited to Distribute REvil Ransomware
Sentinelone
REvil
blogs_sentinelone
# REvil Ransomware: In-Depth Analysis, Detection, and Mitigation
As if ransomware itself wasn’t dangerous enough, a new type of attack involving ransomware is making waves in the cybersecurity community. Ransomware-as-a-Service (RaaS) operations are becoming more common and more profitable for threat actors looking to launch a variety of attacks. One such operation is known as REvil, and involved a core team of threat actors offering the malware to other attackers for a price.
Although the Russian Federal Security Service claims to have dismantled REvil and charged several of the ransomware group’s members, a deeper look at this type of ransomware and RaaS can help organizations protect themselves against these types of attacks in the future.
## What Is REvil Ransomware?
REvil ransomwa