Vulnerabilities > Quest > Kace Systems Management Appliance > 8.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-01 | CVE-2022-38220 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. | 6.1 |
| 2022-08-02 | CVE-2022-29807 | SQL Injection vulnerability in Quest Kace Systems Management Appliance A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. | 9.8 |
| 2022-08-02 | CVE-2022-29808 | Use of Insufficiently Random Values vulnerability in Quest Kace Systems Management Appliance In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. | 7.5 |
| 2022-08-02 | CVE-2022-30285 | Inadequate Encryption Strength vulnerability in Quest Kace Systems Management Appliance In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. | 9.8 |
| 2019-07-08 | CVE-2019-10973 | Improper Input Validation vulnerability in Quest Kace Systems Management Appliance Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface. | 7.2 |
| 2019-05-24 | CVE-2019-11604 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance An issue was discovered in Quest KACE Systems Management Appliance before 9.1. | 6.1 |