Total: 3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11142 | 1 Quest | 1 Kace System Management Appliance | 2019-10-03 | 2.1 LOW | 5.5 MEDIUM |
| The 'systemui/settings_network.php' and 'systemui/settings_patching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'X_Forwarded_For' HTTP headers in a POST request. An anonymous user can abuse this vulnerability to execute critical functions without authorization. | |||||
| CVE-2018-11133 | 1 Quest | 1 Kace System Management Appliance | 2018-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The 'fmt' parameter of the '/common/run_cross_report.php' script in the Quest KACE System Management Appliance 8.0.318 is vulnerable to cross-site scripting. | |||||
| CVE-2018-11137 | 1 Quest | 1 Kace System Management Appliance | 2018-06-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| The 'checksum' parameter of the '/common/download_attachment.php' script in the Quest KACE System Management Appliance 8.0.318 can be abused to read arbitrary files with 'www' privileges via Directory Traversal. No administrator privileges are needed to execute this script. | |||||
