Skip to main content

Kace Systems Management Appliance CVE-2022-29808

HIGH
Use of Insufficiently Random Values (CWE-330)
2022-08-02 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 02, 2022 - 22:15 nvd
HIGH 7.5

DescriptionNVD

In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.

AnalysisAI

In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-330. In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. Affected products include: Quest Kace Systems Management Appliance. Version information: through 12.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2019-11604 MEDIUM POC
6.1 May 24

An issue was discovered in Quest KACE Systems Management Appliance before 9.1. Rated medium severity (CVSS 6.1), this vu

CVE-2017-12567 CRITICAL
9.8 Aug 07

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.1

CVE-2022-30285 CRITICAL
9.8 Aug 02

In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. Rated

CVE-2022-29807 CRITICAL
9.8 Aug 02

A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow fo

CVE-2019-12918 CRITICAL
9.8 Nov 06

Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. Rated critical sev

CVE-2019-13079 HIGH
8.8 Nov 06

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS

CVE-2019-13078 HIGH
8.8 Nov 06

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS

CVE-2019-13076 HIGH
8.8 Nov 06

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS

CVE-2019-10973 HIGH
7.2 Jul 08

Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveragi

CVE-2019-13077 MEDIUM
6.1 Nov 06

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SA

CVE-2019-12917 MEDIUM
6.1 Nov 06

A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the user

CVE-2019-13081 MEDIUM
5.4 Nov 06

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /comm

Share

CVE-2022-29808 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy