Vulnerabilities > Quest > Kace Systems Management Appliance > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-01 | CVE-2022-38220 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. | 6.1 |
| 2022-08-02 | CVE-2022-29807 | SQL Injection vulnerability in Quest Kace Systems Management Appliance A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. | 9.8 |
| 2022-08-02 | CVE-2022-29808 | Use of Insufficiently Random Values vulnerability in Quest Kace Systems Management Appliance In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. | 7.5 |
| 2022-08-02 | CVE-2022-30285 | Inadequate Encryption Strength vulnerability in Quest Kace Systems Management Appliance In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. | 9.8 |
| 2019-05-24 | CVE-2019-11604 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance An issue was discovered in Quest KACE Systems Management Appliance before 9.1. | 6.1 |
| 2017-08-07 | CVE-2017-12567 | SQL Injection vulnerability in Quest products SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2. | 9.8 |