Lucene search
K
QuestKace Systems Management Appliance

16 matches found

CVE
CVE
•added 2022/08/02 9:35 p.m.•78 views

CVE-2022-29808

CVE-2022-29808 affects Quest KACE Systems Management Appliance (SMA) up to and including 12.0, where appliance linking enables predictable token generation. This is the root cause described in connected records, tied to SMA versions prior to 12.0 and remediated by upgrading to 12.0 or later. The ...

7.5CVSS7.5AI score0.00624EPSS
CVE
CVE
•added 2022/08/02 9:42 p.m.•77 views

CVE-2022-29807

The CVE-2022-29807 entry affects Quest KACE Systems Management Appliance (SMA). The vulnerability is a SQL injection in the download_agent_installer.php endpoint that can lead to remote code execution. Affected are SMA versions prior to 12.0; versions 12.0 or later are patched. Remediation: updat...

9.8CVSS9.9AI score0.0109EPSS
CVE
CVE
•added 2022/08/02 9:38 p.m.•69 views

CVE-2022-30285

CVE-2022-30285 affects Quest KACE Systems Management Appliance (SMA) up to version 12.0. The vulnerability arises from a hash collision in the authentication process, which may allow authentication with invalid credentials. Severity is high (CVSSv3.1: 9.8, network attack vector, no user interacti...

9.8CVSS9.4AI score0.00475EPSS
CVE
CVE
•added 2017/08/07 4:0 p.m.•64 views

CVE-2017-12567

Summary (CVE-2017-12567) : Concrete SQL injection vulnerability reported affecting Quest KACE products: Asset Management Appliance 6.4.120822–7.2, Systems Management Appliance 6.4.120822–7.2.101, and K1000 as a Service 7.0–7.2. The issues stem from SQL injection in affected components, enabling r...

9.8CVSS9.8AI score0.01226EPSS
CVE
CVE
•added 2019/05/24 4:4 p.m.•63 views

CVE-2019-11604

CVE-2019-11604 affects Quest KACE Systems Management Appliance prior to 9.1. The issue is an unauthenticated reflected Cross-Site Scripting vulnerability in the web interface: input delivered to the GET parameter of /service/kbot_service_notsoap.php is not properly validated or sanitized, allowin...

6.1CVSS6.2AI score0.01778EPSS
Web
CVE
CVE
•added 2023/02/28 12:0 a.m.•61 views

CVE-2022-38220

CVE-2022-38220 affects Quest KACE Systems Management Appliance (SMA) up to and including version 12.1. The vulnerability is an XSS that could allow a remote attacker to inject arbitrary web script or HTML. The common references across sources (NVD/Red Hat/CNNVD/CVE list) corroborate the vulnerabl...

6.1CVSS6.2AI score0.0068EPSS
CVE
CVE
•added 2019/07/08 5:25 p.m.•56 views

CVE-2019-10973

CVE-2019-10973 affects Quest KACE Systems Management Appliance (SMA). The vulnerability is due to improper input validation that allows unintentional access to the appliance via troubleshooting tools in the administrator UI. Affected products include KACE SMA versions 8.0.x, 8.1.x, and 9.0.x. The...

9CVSS6.9AI score0.02415EPSS
CVE
CVE
•added 2025/06/24 12:0 a.m.•53 views

CVE-2025-32975

CVE-2025-32975 affects Quest KACE SMA versions 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4). The issue is an authentication bypass in the SSO authentication handling mechanism that could allow an atta...

10CVSS7.2AI score0.02417EPSS
In wild
CVE
CVE
•added 2019/11/06 2:55 p.m.•52 views

CVE-2019-13081

CVE-2019-13081 affects Quest KACE Systems Management Appliance Server Center 9.1.317. The web application vulnerability permits an authenticated user to inject and execute arbitrary JavaScript in a service desk user’s browser via the title field in /common/ticket_associated_tickets.php. The root ...

5.4CVSS5.5AI score0.00781EPSS
Web
CVE
CVE
•added 2019/11/06 2:45 p.m.•49 views

CVE-2019-12918

CVE-2019-12918 affects Quest KACE Systems Management Appliance Server Center v9.1.317. Multiple connected sources confirm a SQL injection vulnerability in the file software_library.php, targeting parameters order[0][column] and order[0][dir]. The root cause is insufficient validation of externall...

9.8CVSS9.7AI score0.01053EPSS
CVE
CVE
•added 2019/11/06 2:44 p.m.•48 views

CVE-2019-12917

The CVE-2019-12917 entry describes a reflected XSS in Quest KACE Systems Management Appliance Server Center 9.1.317, specifically affecting the userui/software_library.php component via PATH_INFO. Connected documents corroborate a cross-site scripting vulnerability stemming from improper validati...

6.1CVSS5.9AI score0.00961EPSS
CVE
CVE
•added 2019/11/06 2:49 p.m.•47 views

CVE-2019-13076

CVE-2019-13076 affects Quest KACE Systems Management Appliance Server Center 9.1.317. The vulnerability is a SQL injection in the /userui/ticket_list.php component, using parameters order[0][column] and order[0][dir]. An authenticated user can potentially execute arbitrary SQL commands against th...

8.8CVSS9.1AI score0.01235EPSS
Web
CVE
CVE
•added 2019/11/06 2:50 p.m.•47 views

CVE-2019-13077

CVE-2019-13077 affects Quest KACE Systems Management Appliance Server Center version 9.1.317, where an XSS flaw is exploitable via the sam_detail_titled.php SAM_TYPE parameter. This allows an attacker to craft a malicious link that could execute script in the context of authenticated users. Root ...

6.1CVSS5.8AI score0.00961EPSS
CVE
CVE
•added 2019/11/06 2:53 p.m.•46 views

CVE-2019-13080

The CVE-2019-13080 vulnerability affects Quest KACE Systems Management Appliance Server Center 9.1.317. A cross-site scripting (XSS) flaw exists in the web interface that can be triggered via an SVG image and an HTML file, allowing an authenticated administrator to have arbitrary JavaScript execu...

5.4CVSS5.5AI score0.00781EPSS
CVE
CVE
•added 2019/11/06 2:53 p.m.•43 views

CVE-2019-13079

CVE-2019-13079 affects Quest KACE Systems Management Appliance Server Center 9.1.317. The vulnerability is an SQL injection in the /adminui/history_log.php endpoint, targeting the TYPE_NAME parameter. An authenticated user can potentially alter the database or execute arbitrary commands via the i...

8.8CVSS9.1AI score0.01235EPSS
Web
CVE
CVE
•added 2019/11/06 2:52 p.m.•42 views

CVE-2019-13078

Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection in /common/user_profile.php (parameter sort_column). An authenticated user can execute arbitrary SQL commands against the underlying database. Root cause cited in CNVD reports as lack of validation of ext...

8.8CVSS9.1AI score0.01235EPSS
Web