3 matches found
CVE-2018-5405
CVE-2018-5405 affects Quest Kace K1000 Appliance (SMA) versions prior to 9.0.270. A authenticated, least-privileged user with ‘User Console Only’ rights can inject arbitrary JavaScript on the tickets page due to insufficient input neutralization, enabling potential session cookie theft and takeov...
CVE-2018-5406
CVE-2018-5406 affects Quest Kace K1000 Appliance / KACE SMA versions before 9.0.270. The issue is a misconfigured Cross-Origin Resource Sharing (CORS) mechanism that an unauthenticated, remote attacker can abuse to perform sensitive actions (e.g., adding an administrator account or changing setti...
CVE-2018-5404
CVE-2018-5404 affects Quest Kace K1000 Appliance (KACE SMA) versions prior to 9.0.270. The vulnerability is a blind SQL injection in which an authenticated, low-privilege user ('User Console Only') could potentially retrieve sensitive data from the database or copy the entire database. The issue ...