Kace K2000 Systems Deployment Appliance Security Vulnerabilities and Issues — Kace K2000 Systems Deployment Appliance CVE List

Lucene search

DellKace K2000 Systems Deployment Appliance

5 matches found

CVE•added 2011/11/12 12:55 a.m.•41 views

CVE-2011-4046

The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code.

5CVSS6.2AI score0.00294EPSS

CVE•added 2011/11/12 12:55 a.m.•39 views

CVE-2011-4048

The Dell KACE K2000 System Deployment Appliance has a default username and password for the read-only reporting account, which makes it easier for remote attackers to obtain sensitive information from the database by leveraging the default credentials.

4.3CVSS6.5AI score0.00533EPSS

CVE•added 2011/11/12 12:55 a.m.•38 views

CVE-2011-4436

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

3.5CVSS5.8AI score0.00288EPSS

CVE•added 2011/04/10 2:55 a.m.•35 views

CVE-2011-1672

The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier contains a peinst CIFS share, which allows remote attackers to obtain sensitive information by reading the (1) unattend.xml or (2) sysprep.inf file, as demonstrated by reading a password.

5CVSS6.5AI score0.00795EPSS

CVE•added 2011/11/12 12:55 a.m.•33 views

CVE-2011-4047

The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access.

9.3CVSS7.9AI score0.00833EPSS