Vulnerabilities > CVE-2018-11135 - Unspecified vulnerability in Quest Kace System Management Appliance 8.0.318

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
quest
NVD
Published: 2018-05-31
Updated: 2022-12-02

Summary

The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks.

Vulnerable Configurations

Part Description Count
Application
Quest
1

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/148005/CORE-2018-0004.txt
idPACKETSTORM:148005
last seen2018-06-01
published2018-05-31
reporterCore Security Technologies
sourcehttps://packetstormsecurity.com/files/148005/Quest-KACE-System-Management-Appliance-8.0-Build-8.0.318-XSS-Traversal-Code-Execution-SQL-Injection.html
titleQuest KACE System Management Appliance 8.0 (Build 8.0.318) XSS / Traversal / Code Execution / SQL Injection

References