Skip to main content

Kace Systems Management Appliance

14 CVEs product

Monthly

CVE-2022-30285 CRITICAL Act Now

In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kace Systems Management Appliance
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-29808 HIGH This Week

In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kace Systems Management Appliance
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-29807 CRITICAL Act Now

A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP SQLi Kace Systems Management Appliance
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-13081 MEDIUM This Month

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality) that allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Kace Systems Management Appliance
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-13080 MEDIUM This Month

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kace Systems Management Appliance
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2019-13079 HIGH This Week

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Kace Systems Management Appliance
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-13078 HIGH This Week

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Kace Systems Management Appliance
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-13077 MEDIUM This Month

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Kace Systems Management Appliance
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-13076 HIGH This Week

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Kace Systems Management Appliance
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-12918 CRITICAL Act Now

Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Kace Systems Management Appliance
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-12917 MEDIUM This Month

A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Kace Systems Management Appliance
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-10973 HIGH PATCH This Week

Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kace Systems Management Appliance
NVD
CVSS 3.0
7.2
EPSS
2.4%
CVE-2019-11604 MEDIUM POC This Month

An issue was discovered in Quest KACE Systems Management Appliance before 9.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kace Systems Management Appliance
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2017-12567 CRITICAL Act Now

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Kace Asset Management Appliance Kace Systems Management Appliance K1000 As A Service
NVD
CVSS 3.0
9.8
EPSS
0.3%
EPSS 0% CVSS 9.8
CRITICAL Act Now

In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kace Systems Management Appliance
NVD
EPSS 1% CVSS 7.5
HIGH This Week

In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kace Systems Management Appliance
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP SQLi +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality) that allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Kace Systems Management Appliance
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kace Systems Management Appliance
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Kace Systems Management Appliance
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Kace Systems Management Appliance
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Kace Systems Management Appliance
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Kace Systems Management Appliance
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Kace Systems Management Appliance
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Kace Systems Management Appliance
NVD
EPSS 2% CVSS 7.2
HIGH PATCH This Week

Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kace Systems Management Appliance
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in Quest KACE Systems Management Appliance before 9.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Kace Systems Management Appliance
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Kace Asset Management Appliance Kace Systems Management Appliance +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy