4 matches found
CVE-2022-29808
CVE-2022-29808 affects Quest KACE Systems Management Appliance (SMA) up to and including 12.0, where appliance linking enables predictable token generation. This is the root cause described in connected records, tied to SMA versions prior to 12.0 and remediated by upgrading to 12.0 or later. The ...
CVE-2022-29807
The CVE-2022-29807 entry affects Quest KACE Systems Management Appliance (SMA). The vulnerability is a SQL injection in the download_agent_installer.php endpoint that can lead to remote code execution. Affected are SMA versions prior to 12.0; versions 12.0 or later are patched. Remediation: updat...
CVE-2022-30285
CVE-2022-30285 affects Quest KACE Systems Management Appliance (SMA) up to version 12.0. The vulnerability arises from a hash collision in the authentication process, which may allow authentication with invalid credentials. Severity is high (CVSSv3.1: 9.8, network attack vector, no user interacti...
CVE-2019-11604
CVE-2019-11604 affects Quest KACE Systems Management Appliance prior to 9.1. The issue is an unauthenticated reflected Cross-Site Scripting vulnerability in the web interface: input delivered to the GET parameter of /service/kbot_service_notsoap.php is not properly validated or sanitized, allowin...