Lucene search
K
QuestKace Desktop Authority

5 matches found

CVE
CVE
added 2021/12/22 5:8 a.m.249 views

CVE-2021-44029

CVE-2021-44029 affects Quest KACE Desktop Authority prior to 11.2. The issue allows remote code execution via deserialization in the RadAsyncUpload function of ASP.NET AJAX; exploitation is possible when encryption keys are known (related to CVE-2017-11317/11357 or other means). In newer ASP.NET ...

9.8CVSS9.6AI score0.00868EPSS
In wild
CVE
CVE
added 2021/12/22 5:8 a.m.73 views

CVE-2021-44031

CVE-2021-44031 concerns Quest KACE Desktop Authority prior to 11.2. The issue is described as a vulnerability in /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx that could enable pre-authentication remote code execution, with an attacker able to upload a .ASP file to reside ...

9.8CVSS9.7AI score0.02098EPSS
Web
CVE
CVE
added 2021/12/22 5:3 a.m.72 views

CVE-2021-44028

CVE-2021-44028 : XXE vulnerability in Quest KACE Desktop Authority before 11.2 due to attacker-controlled log4net configuration files. The initial description ties the issue to a log4net configuration weakness (related to CVE-2018-1285). Connected documents do not provide further product-specific...

5.5CVSS7AI score0.03001EPSS
CVE
CVE
added 2021/12/22 5:7 a.m.57 views

CVE-2021-44030

CVE-2021-44030 affects Quest KACE Desktop Authority before 11.2. The issue is a Cross-Site Scripting (XSS) vulnerability where untrusted HTML can reach jQuery.htmlPrefilter, as described across multiple connected sources. Root cause: unvalidated HTML reaches the jQuery prefilter. Impact: XSS pote...

6.1CVSS5.9AI score0.04162EPSS
CVE
CVE
added 2026/01/12 12:0 a.m.26 views

CVE-2025-67813

CVE-2025-67813 affects Quest KACE Desktop Authority up to and including version 11.3.1. The vulnerability is insecure permissions on named pipes used for inter-process communication, exposing IPC to inappropriate access or manipulation. Impact is described in connected sources as insecure named p...

5.3CVSS6.6AI score0.00197EPSS