Quest Kace System Management Appliance — known CVE vulnerabilities
Every CVE whose affected-product data names Quest Kace System Management Appliance, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2018-11140 — CVSS 9.8 (critical): The 'reportID' parameter received by the '/common/run_report.php' script in the Quest KACE System Management Appliance 8.0.318 is not…
CVE-2018-11141 — CVSS 9.8 (critical): The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management…
CVE-2018-11136 — CVSS 9.8 (critical): The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318…
CVE-2018-11139 — CVSS 8.8 (high): The '/common/ajax_email_connection_test.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any…
CVE-2018-11132 — CVSS 8.8 (high): In order to perform actions that require higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue…
CVE-2018-11134 — CVSS 8.8 (high): In order to perform actions that requires higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue…
CVE-2018-11135 — CVSS 8.8 (high): The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP…
CVE-2018-11137 — CVSS 6.5 (medium): The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be…
CVE-2018-11133 — CVSS 6.1 (medium): The 'fmt' parameter of the '/common/run_cross_report.php' script in the the Quest KACE System Management Appliance 8.0.318 is vulnerable to…
CVE-2018-11142 — CVSS 5.5 (medium): The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are…