A researcher has uncovered a pair of vulnerabilities in the Kaseya VSA IT management platform. An open redirect could be used to force users to visit an attacker-controlled sites. The vulnerabilities affect several versions of VSA, including R9.1, R9, R8, and version 7.0.x. Kasey VSA is a platform designed to handle a wide variety of IT management tasks, including audit, inventory, security, patch management, backup and recovery, and others.
Source: https://threatpost.com/kaseya-patches-two-bugs-in-vsa-it-management-platform/113760/