Vulnerabilities > Quest > Kace System Management Appliance > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-31 | CVE-2018-11142 | Incorrect Authorization vulnerability in Quest Kace System Management Appliance 8.0.318 The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. | 5.5 |
| 2018-05-31 | CVE-2018-11137 | Path Traversal vulnerability in Quest Kace System Management Appliance 8.0.318 The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. | 6.5 |
| 2018-05-31 | CVE-2018-11133 | Cross-site Scripting vulnerability in Quest Kace System Management Appliance 8.0.318 The 'fmt' parameter of the '/common/run_cross_report.php' script in the the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting. | 6.1 |