Kace Systems Management Appliance Security Vulnerabilities and Issues — Kace Systems Management Appliance CVE List

Lucene search

QuestKace Systems Management Appliance

5 matches found

CVE•added 2023/03/01 12:15 a.m.•46 views

CVE-2022-38220

An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.

6.1CVSS6.2AI score0.00108EPSS

CVE•added 2019/05/24 5:29 p.m.•45 views

CVE-2019-11604

An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbot_service_notsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not prop...

6.1CVSS6.2AI score0.00503EPSS

CVE•added 2024/04/30 2:15 p.m.•38 views

CVE-2024-23772

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\SYSTEM privileges.

6.6CVSS6.6AI score0.00128EPSS

CVE•added 2019/11/06 3:15 p.m.•34 views

CVE-2019-13077

Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order to attack authenticated users.

6.1CVSS5.8AI score0.00422EPSS

CVE•added 2019/11/06 3:15 p.m.•32 views

CVE-2019-12917

A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO.

6.1CVSS5.9AI score0.00421EPSS