Quest Software Kace Systems Management Appliance
By the Year
In 2023 there have been 1 vulnerability in Quest Software Kace Systems Management Appliance with an average score of 6.1 out of ten. Last year Kace Systems Management Appliance had 3 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Kace Systems Management Appliance in 2023 could surpass last years number. Last year, the average CVE base score was greater by 2.93
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 1 | 6.10 |
| 2022 | 3 | 9.03 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 10 | 7.25 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Kace Systems Management Appliance vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Quest Software Kace Systems Management Appliance Security Vulnerabilities
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1
CVE-2022-38220
6.1 - Medium
- March 01, 2023
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.
XSS
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication
CVE-2022-30285
9.8 - Critical
- August 02, 2022
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.
Insufficiently Protected Credentials
In Quest KACE Systems Management Appliance (SMA) through 12.0
CVE-2022-29808
7.5 - High
- August 02, 2022
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.
Use of Insufficiently Random Values
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0
CVE-2022-29807
9.8 - Critical
- August 02, 2022
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.
SQL Injection
A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component
CVE-2019-12917
6.1 - Medium
- November 06, 2019
A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via the PATH_INFO.
XSS
Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection
CVE-2019-12918
9.8 - Critical
- November 06, 2019
Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0][dir].
SQL Injection
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection
CVE-2019-13076
8.8 - High
- November 06, 2019
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column] and order[0][dir].
SQL Injection
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter)
CVE-2019-13077
6.1 - Medium
- November 06, 2019
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attacker to create a malicious link in order to attack authenticated users.
XSS
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection
CVE-2019-13078
8.8 - High
- November 06, 2019
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/user_profile.php. The affected parameter is sort_column.
SQL Injection
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection
CVE-2019-13079
8.8 - High
- November 06, 2019
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /adminui/history_log.php. The affected parameter is TYPE_NAME.
SQL Injection
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file)
CVE-2019-13080
5.4 - Medium
- November 06, 2019
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser.
XSS
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality)
CVE-2019-13081
5.4 - Medium
- November 06, 2019
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality) that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser.
XSS
Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x
CVE-2019-10973
7.2 - High
- July 08, 2019
Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface.
Improper Input Validation
An issue was discovered in Quest KACE Systems Management Appliance before 9.1
CVE-2019-11604
6.1 - Medium
- May 24, 2019
An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbot_service_notsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code into the context of the same page.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Quest Software Kace Systems Management Appliance or by Quest Software? Click the Watch button to subscribe.
