Quest Software Kace System Management Appliance

By the Year

In 2021 there have been 0 vulnerabilities in Quest Software Kace System Management Appliance. Kace System Management Appliance did not have any published security vulnerabilities last year.

Year  Vulnerabilities  Average Score
2021  0                0.00
2020  0                0.00
2019  0                0.00
2018  11               8.29

It may take a day or so for new Kace System Management Appliance vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Quest Software Kace System Management Appliance Security Vulnerabilities

CVE-2018-11132 8.8 - High - May 31, 2018

In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs daemonized with root privileges and only allows a set of commands to be executed. A command injection vulnerability exists within this message queue which allows low-privilege users to append arbitrary commands that will be run as root.

Shell injection

CVE-2018-11133 6.1 - Medium - May 31, 2018

The 'fmt' parameter of the '/common/run_cross_report.php' script in the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting.

XSS

CVE-2018-11134 8.8 - High - May 31, 2018

In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue that runs with root privileges and only allows a set of commands. One of the available commands allows changing any user's password (including root). A low-privilege user could abuse this feature by changing the password of the 'kace_support' account, which comes disabled by default but has full sudo privileges.

Weak Password Recovery Mechanism for Forgotten Password

CVE-2018-11135 7.5 - High - May 31, 2018

The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks.

Mass Assignment

CVE-2018-11136 9.8 - Critical - May 31, 2018

The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, a blind time-based type).

SQL Injection

CVE-2018-11137 6.5 - Medium - May 31, 2018

The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script.

Directory traversal

CVE-2018-11138 9.8 - Critical - May 31, 2018

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.

Shell injection

CVE-2018-11139 8.8 - High - May 31, 2018

The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TEST_SERVER' sent to the script via the POST method.

Shell injection

CVE-2018-11140 9.8 - Critical - May 31, 2018

The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not sanitized, leading to SQL injection (in particular, an error-based type).

SQL Injection

CVE-2018-11141 9.8 - Critical - May 31, 2018

The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write permissions.

Directory traversal

CVE-2018-11142 5.5 - Medium - May 31, 2018

The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_For' HTTP headers in a POST request. An anonymous user can abuse this vulnerability to execute critical functions without authorization.

AuthZ
