CVE-2021-43035

Name of the Vulnerable Software and Affected Versions Kaseya Unitrends Backup Appliance versions prior to 10.5.5

Description An issue was discovered in the software, involving two unauthenticated SQL injection vulnerabilities. These vulnerabilities allow arbitrary SQL queries to be injected and executed under the postgres superuser account, leading to remote code execution and full access to the postgres user account.

Recommendations For versions prior to 10.5.5, update to version 10.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the postgres superuser account to minimize the risk of exploitation.