Quest: >> Kace Systems Management Appliance >> 9.1.204 Security Vulnerabilities
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-03-01
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.
CVSS Score
9.8
EPSS Score
0.013
Published
2022-08-02
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-08-02
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-08-02