Kace Systems Management Appliance
CVE-2019-10973
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface.
AnalysisAI
Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-20. Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface. Affected products include: Quest Kace Systems Management Appliance. Version information: version 8.0..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in Quest KACE Systems Management Appliance before 9.1. Rated medium severity (CVSS 6.1), this vu
SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.1
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. Rated
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow fo
Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. Rated critical sev
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linkin
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SA
A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the user
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /comm
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today