Vulnerabilities > Quest > Kace Systems Management Appliance > 8.0.0

DATE CVE VULNERABILITY TITLE RISK
2023-03-01 CVE-2022-38220 Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.
network
low complexity
quest CWE-79
6.1
2022-08-02 CVE-2022-29807 SQL Injection vulnerability in Quest Kace Systems Management Appliance
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.
network
low complexity
quest CWE-89
critical
9.8
2022-08-02 CVE-2022-29808 Use of Insufficiently Random Values vulnerability in Quest Kace Systems Management Appliance
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.
network
low complexity
quest CWE-330
7.5
2022-08-02 CVE-2022-30285 Inadequate Encryption Strength vulnerability in Quest Kace Systems Management Appliance
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication.
network
low complexity
quest CWE-326
critical
9.8
2019-07-08 CVE-2019-10973 Improper Input Validation vulnerability in Quest Kace Systems Management Appliance
Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface.
network
low complexity
quest CWE-20
7.2
2019-05-24 CVE-2019-11604 Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance
An issue was discovered in Quest KACE Systems Management Appliance before 9.1.
network
low complexity
quest CWE-79
6.1