Quest: >> Kace Systems Management Appliance >> 7.2 Security Vulnerabilities
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-03-01
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.
CVSS Score
9.8
EPSS Score
0.013
Published
2022-08-02
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-08-02
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-08-02
An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbot_service_notsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code into the context of the same page.
CVSS Score
6.1
EPSS Score
0.005
Published
2019-05-24
SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2.
CVSS Score
9.8
EPSS Score
0.003
Published
2017-08-07