Vulnerabilities > Quest
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-21 | CVE-2023-33254 | Incorrect Authorization vulnerability in Quest Kace Systems Deployment Appliance 9.0.146 There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. | 6.5 |
| 2023-03-01 | CVE-2022-38220 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. | 6.1 |
| 2022-08-02 | CVE-2022-29807 | SQL Injection vulnerability in Quest Kace Systems Management Appliance A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. | 9.8 |
| 2022-08-02 | CVE-2022-29808 | Use of Insufficiently Random Values vulnerability in Quest Kace Systems Management Appliance In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. | 7.5 |
| 2022-08-02 | CVE-2022-30285 | Inadequate Encryption Strength vulnerability in Quest Kace Systems Management Appliance In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. | 9.8 |
| 2021-12-22 | CVE-2021-44028 | XXE vulnerability in Quest Kace Desktop Authority XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285. | 5.5 |
| 2021-12-22 | CVE-2021-44029 | Deserialization of Untrusted Data vulnerability in Quest Kace Desktop Authority An issue was discovered in Quest KACE Desktop Authority before 11.2. | 9.8 |
| 2021-12-22 | CVE-2021-44030 | Cross-site Scripting vulnerability in Quest Kace Desktop Authority Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery. | 6.1 |
| 2021-12-22 | CVE-2021-44031 | Unrestricted Upload of File with Dangerous Type vulnerability in Quest Kace Desktop Authority An issue was discovered in Quest KACE Desktop Authority before 11.2. | 9.8 |
| 2021-01-11 | CVE-2020-35727 | Cross-site Scripting vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. | 5.4 |