Quest Software Kace Desktop Authority
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Quest Software Kace Desktop Authority.
By the Year
In 2026 there have been 1 vulnerability in Quest Software Kace Desktop Authority with an average score of 5.3 out of ten. Kace Desktop Authority did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 5.30 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 4 | 7.80 |
It may take a day or so for new Kace Desktop Authority vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Quest Software Kace Desktop Authority Security Vulnerabilities
Insecure Permissions on IPC Named Pipes: Quest KACE Desktop Authority <=11.3.1
CVE-2025-67813
5.3 - Medium
- January 12, 2026
Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication
Incorrect Default Permissions
Quest KACE Desktop Authority before 11.2
CVE-2021-44030
6.1 - Medium
- December 22, 2021
Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery.
XSS
An issue was discovered in Quest KACE Desktop Authority before 11.2
CVE-2021-44031
9.8 - Critical
- December 22, 2021
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}.
Unrestricted File Upload
An issue was discovered in Quest KACE Desktop Authority before 11.2
CVE-2021-44029
9.8 - Critical
- December 22, 2021
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known (due to the presence of CVE-2017-11317, CVE-2017-11357, or other means). A default setting for the type whitelisting feature in more current versions of ASP.NET AJAX prevents exploitation.
Marshaling, Unmarshaling
XXE can occur in Quest KACE Desktop Authority before 11.2
CVE-2021-44028
5.5 - Medium
- December 22, 2021
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.
XXE
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Quest Software Kace Desktop Authority or by Quest Software? Click the Watch button to subscribe.
