Kace Systems Management Appliance Security Vulnerabilities and Issues — Kace Systems Management Appliance CVE List

Lucene search

QuestKace Systems Management Appliance

6 matches found

CVE•added 2022/08/02 10:15 p.m.•62 views

CVE-2022-29807

A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.

9.8CVSS9.9AI score0.0134EPSS

CVE•added 2017/08/07 4:29 p.m.•52 views

CVE-2017-12567

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2.

9.8CVSS9.8AI score0.0033EPSS

CVE•added 2022/08/02 10:15 p.m.•52 views

CVE-2022-30285

In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.

9.8CVSS9.4AI score0.00144EPSS

CVE•added 2019/07/08 6:15 p.m.•46 views

CVE-2019-10973

Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface.

9CVSS6.9AI score0.0068EPSS

CVE•added 2019/11/06 3:15 p.m.•35 views

CVE-2019-12918

Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0][dir].

9.8CVSS9.7AI score0.00394EPSS

CVE•added 2025/07/05 12:15 a.m.•8 views

CVE-2025-26850

The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems.

9.3CVSS6.9AI score0.00017EPSS