Kace Desktop Authority Quest Software Kace Desktop Authority

Do you want an email whenever new security vulnerabilities are reported in Quest Software Kace Desktop Authority?

By the Year

In 2024 there have been 0 vulnerabilities in Quest Software Kace Desktop Authority . Kace Desktop Authority did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 4 7.80
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Kace Desktop Authority vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Quest Software Kace Desktop Authority Security Vulnerabilities

Quest KACE Desktop Authority before 11.2

CVE-2021-44030 6.1 - Medium - December 22, 2021

Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery.

XSS

An issue was discovered in Quest KACE Desktop Authority before 11.2

CVE-2021-44031 9.8 - Critical - December 22, 2021

An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}.

Unrestricted File Upload

An issue was discovered in Quest KACE Desktop Authority before 11.2

CVE-2021-44029 9.8 - Critical - December 22, 2021

An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known (due to the presence of CVE-2017-11317, CVE-2017-11357, or other means). A default setting for the type whitelisting feature in more current versions of ASP.NET AJAX prevents exploitation.

Marshaling, Unmarshaling

XXE can occur in Quest KACE Desktop Authority before 11.2

CVE-2021-44028 5.5 - Medium - December 22, 2021

XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.

XXE

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Quest Software Kace Desktop Authority or by Quest Software? Click the Watch button to subscribe.

subscribe