Vulnerabilities (CVE)

Filtered by vendor Quest Subscribe

Filtered by product Kace Systems Management Appliance

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-30285	1 Quest	1 Kace Systems Management Appliance	2023-08-08	N/A	9.8 CRITICAL
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.
CVE-2019-12918	1 Quest	1 Kace Systems Management Appliance	2019-11-07	7.5 HIGH	9.8 CRITICAL
Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0][dir].
CVE-2017-12567	1 Quest	3 K1000 As A Service, Kace Asset Management Appliance, Kace Systems Management Appliance	2017-08-15	7.5 HIGH	9.8 CRITICAL
SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2.