Kace Desktop Authority Security Vulnerabilities and Issues — Kace Desktop Authority CVE List

Lucene search

QuestKace Desktop Authority

4 matches found

CVE•added 2021/12/22 6:15 a.m.•208 views

CVE-2021-44029

An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known (due ...

9.8CVSS9.6AI score0.92808EPSS

CVE•added 2021/12/22 6:15 a.m.•59 views

CVE-2021-44031

An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}.

9.8CVSS9.7AI score0.03525EPSS

CVE•added 2021/12/22 6:15 a.m.•55 views

CVE-2021-44028

XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.

5.5CVSS7AI score0.49024EPSS

CVE•added 2021/12/22 6:15 a.m.•41 views

CVE-2021-44030

Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery.

6.1CVSS5.9AI score0.00526EPSS