Skip to main content

Kace Desktop Authority

5 CVEs product

Monthly

CVE-2025-67813 MEDIUM This Month

Kace Desktop Authority versions up to 11.3.1 is affected by incorrect default permissions (CVSS 5.3).

Privilege Escalation Kace Desktop Authority
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2021-44031 CRITICAL Act Now

An issue was discovered in Quest KACE Desktop Authority before 11.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Kace Desktop Authority
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2021-44030 MEDIUM This Month

Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kace Desktop Authority
NVD
CVSS 3.1
6.1
EPSS
4.2%
CVE-2021-44029 CRITICAL Act Now

An issue was discovered in Quest KACE Desktop Authority before 11.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Kace Desktop Authority
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2021-44028 MEDIUM This Month

XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Kace Desktop Authority
NVD
CVSS 3.1
5.5
EPSS
3.0%
EPSS 0% CVSS 5.3
MEDIUM This Month

Kace Desktop Authority versions up to 11.3.1 is affected by incorrect default permissions (CVSS 5.3).

Privilege Escalation Kace Desktop Authority
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Quest KACE Desktop Authority before 11.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Kace Desktop Authority
NVD
EPSS 4% CVSS 6.1
MEDIUM This Month

Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kace Desktop Authority
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Quest KACE Desktop Authority before 11.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Kace Desktop Authority
NVD
EPSS 3% CVSS 5.5
MEDIUM This Month

XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Kace Desktop Authority
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy