CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-11136

The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.1%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities
https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities

Products affected by CVE-2018-11136

Quest » Kace System Management Appliance » Version: 8.0.318

cpe:2.3:a:quest:kace_system_management_appliance:8.0.318

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-11136

Products

Pricing

Contact Us