Quest Kace Systems Management Appliance — known CVE vulnerabilities
Every CVE whose affected-product data names Quest Kace Systems Management Appliance, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2017-12567 — CVSS 9.8 (critical): SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through…
CVE-2019-12918 — CVSS 9.8 (critical): Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is…
CVE-2022-29807 — CVSS 9.8 (critical): A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code…
CVE-2022-30285 — CVSS 9.8 (critical): In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow…
CVE-2019-13076 — CVSS 8.8 (high): Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to…
CVE-2019-13078 — CVSS 8.8 (high): Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to…
CVE-2019-13079 — CVSS 8.8 (high): Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to…
CVE-2022-29808 — CVSS 7.5 (high): In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.
CVE-2019-10973 — CVSS 7.2 (high): Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the…
CVE-2022-38220 — CVSS 6.1 (medium): An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary…
CVE-2019-11604 — CVSS 6.1 (medium): An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbot_service_notsoap.php is…
CVE-2019-12917 — CVSS 6.1 (medium): A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library…
CVE-2019-13077 — CVSS 6.1 (medium): Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter)…
CVE-2019-13081 — CVSS 5.4 (medium): Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated…
CVE-2019-13080 — CVSS 5.4 (medium): Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an…