Vulnerabilities > Quest > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-08-02 CVE-2022-30285 Inadequate Encryption Strength vulnerability in Quest Kace Systems Management Appliance
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication.
network
low complexity
quest CWE-326
critical
 9.8
9.8
2021-01-11 CVE-2020-35205 Server-Side Request Forgery (SSRF) vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200
Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file.
network
low complexity
quest CWE-918
critical
 9.8
9.8
2020-03-23 CVE-2020-8868 Use of Hard-coded Credentials vulnerability in Quest Foglight Evolve 9.0.0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0.
network
low complexity
quest CWE-798
critical
 10.0
10
2019-07-08 CVE-2019-10973 Improper Input Validation vulnerability in Quest Kace Systems Management Appliance
Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface.
network
low complexity
quest CWE-20
critical
 9.0
9.0
2019-06-03 CVE-2018-5406 Permissions, Privileges, and Access Controls vulnerability in Quest Kace Systems Management Appliance Firmware
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism.
network
quest CWE-264
critical
 9.3
9.3
2018-06-02 CVE-2018-11194 Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 6 of 6).
network
low complexity
quest CWE-732
critical
 9.0
9.0
2018-06-02 CVE-2018-11193 Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 5 of 6).
network
low complexity
quest CWE-732
critical
 9.0
9.0
2018-06-02 CVE-2018-11192 Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 4 of 6).
network
low complexity
quest CWE-732
critical
 9.0
9.0
2018-06-02 CVE-2018-11191 Incorrect Permission Assignment for Critical Resource vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 3 of 6).
network
low complexity
quest CWE-732
critical
 9.0
9.0
2018-06-02 CVE-2018-11190 Improper Privilege Management vulnerability in Quest Disk Backup
Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 2 of 6).
network
low complexity
quest CWE-269
critical
 9.0
9.0