Vulnerabilities > Quest > Kace Systems Management Appliance
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-08 | CVE-2019-10973 | Improper Input Validation vulnerability in Quest Kace Systems Management Appliance Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface. | 9.0 |
| 2019-06-03 | CVE-2018-5406 | Permissions, Privileges, and Access Controls vulnerability in Quest Kace Systems Management Appliance Firmware The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. | 9.3 |
| 2019-06-03 | CVE-2018-5405 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance Firmware The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. | 3.5 |
| 2019-06-03 | CVE-2018-5404 | SQL Injection vulnerability in Quest Kace Systems Management Appliance Firmware The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. | 4.0 |
| 2019-05-24 | CVE-2019-11604 | Cross-site Scripting vulnerability in Quest Kace Systems Management Appliance An issue was discovered in Quest KACE Systems Management Appliance before 9.1. | 4.3 |
| 2017-08-07 | CVE-2017-12567 | SQL Injection vulnerability in Quest products SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2. | 7.5 |