16 matches found
CVE-2022-29808
CVE-2022-29808 affects Quest KACE Systems Management Appliance (SMA) up to and including 12.0, where appliance linking enables predictable token generation. This is the root cause described in connected records, tied to SMA versions prior to 12.0 and remediated by upgrading to 12.0 or later. The ...
CVE-2022-29807
The CVE-2022-29807 entry affects Quest KACE Systems Management Appliance (SMA). The vulnerability is a SQL injection in the download_agent_installer.php endpoint that can lead to remote code execution. Affected are SMA versions prior to 12.0; versions 12.0 or later are patched. Remediation: updat...
CVE-2022-30285
CVE-2022-30285 affects Quest KACE Systems Management Appliance (SMA) up to version 12.0. The vulnerability arises from a hash collision in the authentication process, which may allow authentication with invalid credentials. Severity is high (CVSSv3.1: 9.8, network attack vector, no user interacti...
CVE-2017-12567
Summary (CVE-2017-12567) : Concrete SQL injection vulnerability reported affecting Quest KACE products: Asset Management Appliance 6.4.120822–7.2, Systems Management Appliance 6.4.120822–7.2.101, and K1000 as a Service 7.0–7.2. The issues stem from SQL injection in affected components, enabling r...
CVE-2019-11604
CVE-2019-11604 affects Quest KACE Systems Management Appliance prior to 9.1. The issue is an unauthenticated reflected Cross-Site Scripting vulnerability in the web interface: input delivered to the GET parameter of /service/kbot_service_notsoap.php is not properly validated or sanitized, allowin...
CVE-2022-38220
CVE-2022-38220 affects Quest KACE Systems Management Appliance (SMA) up to and including version 12.1. The vulnerability is an XSS that could allow a remote attacker to inject arbitrary web script or HTML. The common references across sources (NVD/Red Hat/CNNVD/CVE list) corroborate the vulnerabl...
CVE-2019-10973
CVE-2019-10973 affects Quest KACE Systems Management Appliance (SMA). The vulnerability is due to improper input validation that allows unintentional access to the appliance via troubleshooting tools in the administrator UI. Affected products include KACE SMA versions 8.0.x, 8.1.x, and 9.0.x. The...
CVE-2025-32975
CVE-2025-32975 affects Quest KACE SMA versions 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4). The issue is an authentication bypass in the SSO authentication handling mechanism that could allow an atta...
CVE-2019-13081
CVE-2019-13081 affects Quest KACE Systems Management Appliance Server Center 9.1.317. The web application vulnerability permits an authenticated user to inject and execute arbitrary JavaScript in a service desk user’s browser via the title field in /common/ticket_associated_tickets.php. The root ...
CVE-2019-12918
CVE-2019-12918 affects Quest KACE Systems Management Appliance Server Center v9.1.317. Multiple connected sources confirm a SQL injection vulnerability in the file software_library.php, targeting parameters order[0][column] and order[0][dir]. The root cause is insufficient validation of externall...
CVE-2019-12917
The CVE-2019-12917 entry describes a reflected XSS in Quest KACE Systems Management Appliance Server Center 9.1.317, specifically affecting the userui/software_library.php component via PATH_INFO. Connected documents corroborate a cross-site scripting vulnerability stemming from improper validati...
CVE-2019-13076
CVE-2019-13076 affects Quest KACE Systems Management Appliance Server Center 9.1.317. The vulnerability is a SQL injection in the /userui/ticket_list.php component, using parameters order[0][column] and order[0][dir]. An authenticated user can potentially execute arbitrary SQL commands against th...
CVE-2019-13077
CVE-2019-13077 affects Quest KACE Systems Management Appliance Server Center version 9.1.317, where an XSS flaw is exploitable via the sam_detail_titled.php SAM_TYPE parameter. This allows an attacker to craft a malicious link that could execute script in the context of authenticated users. Root ...
CVE-2019-13080
The CVE-2019-13080 vulnerability affects Quest KACE Systems Management Appliance Server Center 9.1.317. A cross-site scripting (XSS) flaw exists in the web interface that can be triggered via an SVG image and an HTML file, allowing an authenticated administrator to have arbitrary JavaScript execu...
CVE-2019-13079
CVE-2019-13079 affects Quest KACE Systems Management Appliance Server Center 9.1.317. The vulnerability is an SQL injection in the /adminui/history_log.php endpoint, targeting the TYPE_NAME parameter. An authenticated user can potentially alter the database or execute arbitrary commands via the i...
CVE-2019-13078
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection in /common/user_profile.php (parameter sort_column). An authenticated user can execute arbitrary SQL commands against the underlying database. Root cause cited in CNVD reports as lack of validation of ext...