Vulnerabilities > Quest > Kace Systems Management Appliance Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-06-03 CVE-2018-5406 Unspecified vulnerability in Quest Kace Systems Management Appliance Firmware 9.0
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism.
network
low complexity
quest
8.8
8.8
2019-06-03 CVE-2018-5405 Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance Firmware 9.0
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page.
network
low complexity
quest CWE-79
5.4
5.4
2019-06-03 CVE-2018-5404 SQL Injection vulnerability in Quest Kace Systems Management Appliance Firmware 9.0
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database.
network
low complexity
quest CWE-89
6.5
6.5