Quest Software Kace Desktop Authority
By the Year
In 2023 there have been 0 vulnerabilities in Quest Software Kace Desktop Authority . Kace Desktop Authority did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 4 | 7.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Kace Desktop Authority vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Quest Software Kace Desktop Authority Security Vulnerabilities
Quest KACE Desktop Authority before 11.2
CVE-2021-44030
6.1 - Medium
- December 22, 2021
Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery.
XSS
An issue was discovered in Quest KACE Desktop Authority before 11.2
CVE-2021-44031
9.8 - Critical
- December 22, 2021
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}.
Unrestricted File Upload
An issue was discovered in Quest KACE Desktop Authority before 11.2
CVE-2021-44029
9.8 - Critical
- December 22, 2021
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known (due to the presence of CVE-2017-11317, CVE-2017-11357, or other means). A default setting for the type whitelisting feature in more current versions of ASP.NET AJAX prevents exploitation.
Marshaling, Unmarshaling
XXE can occur in Quest KACE Desktop Authority before 11.2
CVE-2021-44028
5.5 - Medium
- December 22, 2021
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.
XXE
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Quest Software Kace Desktop Authority or by Quest Software? Click the Watch button to subscribe.
