Kace Systems Management Appliance
CVE-2022-30285
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.
AnalysisAI
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-326. In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials. Affected products include: Quest Kace Systems Management Appliance. Version information: through 12.0.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An issue was discovered in Quest KACE Systems Management Appliance before 9.1. Rated medium severity (CVSS 6.1), this vu
SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.1
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow fo
Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. Rated critical sev
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linkin
Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveragi
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SA
A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the user
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /comm
Same weakness CWE-326 – Inadequate Encryption Strength
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today