CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11604

An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbot_service_notsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code into the context of the same page.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.1%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2019-11604

Quest » Kace Systems Management Appliance » Version: 6.4.120822

cpe:2.3:a:quest:kace_systems_management_appliance:6.4.120822
Quest » Kace Systems Management Appliance » Version: 7.0

cpe:2.3:a:quest:kace_systems_management_appliance:7.0
Quest » Kace Systems Management Appliance » Version: 7.0.121306

cpe:2.3:a:quest:kace_systems_management_appliance:7.0.121306
Quest » Kace Systems Management Appliance » Version: 7.1

cpe:2.3:a:quest:kace_systems_management_appliance:7.1
Quest » Kace Systems Management Appliance » Version: 7.1.149

cpe:2.3:a:quest:kace_systems_management_appliance:7.1.149
Quest » Kace Systems Management Appliance » Version: 7.2

cpe:2.3:a:quest:kace_systems_management_appliance:7.2
Quest » Kace Systems Management Appliance » Version: 7.2.101

cpe:2.3:a:quest:kace_systems_management_appliance:7.2.101
Quest » Kace Systems Management Appliance » Version: 8.0.0

cpe:2.3:a:quest:kace_systems_management_appliance:8.0.0
Quest » Kace Systems Management Appliance » Version: 8.0.153

cpe:2.3:a:quest:kace_systems_management_appliance:8.0.153
Quest » Kace Systems Management Appliance » Version: 8.0.318

cpe:2.3:a:quest:kace_systems_management_appliance:8.0.318
Quest » Kace Systems Management Appliance » Version: 8.0.320

cpe:2.3:a:quest:kace_systems_management_appliance:8.0.320
Quest » Kace Systems Management Appliance » Version: 8.1.0

cpe:2.3:a:quest:kace_systems_management_appliance:8.1.0
Quest » Kace Systems Management Appliance » Version: 8.1.107

cpe:2.3:a:quest:kace_systems_management_appliance:8.1.107
Quest » Kace Systems Management Appliance » Version: 8.1.108

cpe:2.3:a:quest:kace_systems_management_appliance:8.1.108
Quest » Kace Systems Management Appliance » Version: 8.1.53

cpe:2.3:a:quest:kace_systems_management_appliance:8.1.53
Quest » Kace Systems Management Appliance » Version: 9.0.0

cpe:2.3:a:quest:kace_systems_management_appliance:9.0.0
Quest » Kace Systems Management Appliance » Version: 9.0.181

cpe:2.3:a:quest:kace_systems_management_appliance:9.0.181
Quest » Kace Systems Management Appliance » Version: 9.0.270

cpe:2.3:a:quest:kace_systems_management_appliance:9.0.270
Quest » Kace Systems Management Appliance » Version: 9.0.271

cpe:2.3:a:quest:kace_systems_management_appliance:9.0.271

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11604

Products

Pricing

Contact Us