Skip to main content

Kace Systems Management Appliance CVE-2019-10973

HIGH
Improper Input Validation (CWE-20)
2019-07-08 ics-cert@hq.dhs.gov
7.2
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 08, 2019 - 18:15 nvd
HIGH 7.2

DescriptionNVD

Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface.

AnalysisAI

Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-20. Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface. Affected products include: Quest Kace Systems Management Appliance. Version information: version 8.0..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-11604 MEDIUM POC
6.1 May 24

An issue was discovered in Quest KACE Systems Management Appliance before 9.1. Rated medium severity (CVSS 6.1), this vu

CVE-2017-12567 CRITICAL
9.8 Aug 07

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.1

CVE-2022-30285 CRITICAL
9.8 Aug 02

In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. Rated

CVE-2022-29807 CRITICAL
9.8 Aug 02

A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow fo

CVE-2019-12918 CRITICAL
9.8 Nov 06

Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. Rated critical sev

CVE-2019-13079 HIGH
8.8 Nov 06

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS

CVE-2019-13078 HIGH
8.8 Nov 06

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS

CVE-2019-13076 HIGH
8.8 Nov 06

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS

CVE-2022-29808 HIGH
7.5 Aug 02

In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linkin

CVE-2019-13077 MEDIUM
6.1 Nov 06

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SA

CVE-2019-12917 MEDIUM
6.1 Nov 06

A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the user

CVE-2019-13081 MEDIUM
5.4 Nov 06

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /comm

Share

CVE-2019-10973 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy