Vulnerabilities > Quest > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-02 | CVE-2022-29807 | SQL Injection vulnerability in Quest Kace Systems Management Appliance A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. | 9.8 |
| 2022-08-02 | CVE-2022-30285 | Inadequate Encryption Strength vulnerability in Quest Kace Systems Management Appliance In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. | 9.8 |
| 2021-12-22 | CVE-2021-44029 | Deserialization of Untrusted Data vulnerability in Quest Kace Desktop Authority An issue was discovered in Quest KACE Desktop Authority before 11.2. | 9.8 |
| 2021-12-22 | CVE-2021-44031 | Unrestricted Upload of File with Dangerous Type vulnerability in Quest Kace Desktop Authority An issue was discovered in Quest KACE Desktop Authority before 11.2. | 9.8 |
| 2021-01-11 | CVE-2020-35205 | Server-Side Request Forgery (SSRF) vulnerability in Quest Policy Authority for Unified Communications 8.1.2.200 Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. | 9.8 |
| 2020-03-23 | CVE-2020-8868 | Use of Hard-coded Credentials vulnerability in Quest Foglight Evolve 9.0.0 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest Foglight Evolve 9.0.0. | 9.8 |
| 2020-03-09 | CVE-2019-20504 | OS Command Injection vulnerability in Quest Kace Systems Management service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to execute code via shell metacharacters in the kuid parameter. | 9.8 |
| 2019-11-06 | CVE-2019-12918 | SQL Injection vulnerability in Quest Kace Systems Management Appliance 9.1.317 Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. | 9.8 |
| 2018-06-02 | CVE-2018-11143 | OS Command Injection vulnerability in Quest Disk Backup Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46). | 9.8 |
| 2018-05-31 | CVE-2018-11141 | Path Traversal vulnerability in Quest Kace System Management Appliance 8.0.318 The 'IMAGES_JSON' and 'attachments_to_remove[]' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. | 9.8 |