Quest Kace_systems_management_appliance

19 CVEs affecting Quest Kace_systems_management_appliance. Latest disclosed: 2025-06-24. Critical: 5, High: 6.

Top CVEs affecting Quest Kace_systems_management_appliance
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-32975 | Critical | 10.0 | 2025-06-24 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1… |
| CVE-2022-30285 | Critical | 9.8 | 2022-08-02 | In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid c… |
| CVE-2022-29807 | Critical | 9.8 | 2022-08-02 | A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_ag… |
| CVE-2019-12918 | Critical | 9.8 | 2019-11-06 | Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected pa… |
| CVE-2017-12567 | Critical | 9.8 | 2017-08-07 | SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a S… |
| CVE-2019-13079 | High | 8.8 | 2019-11-06 | Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary comman… |
| CVE-2019-13078 | High | 8.8 | 2019-11-06 | Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary comman… |
| CVE-2019-13076 | High | 8.8 | 2019-11-06 | Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary comman… |
| CVE-2018-5406 | High | 8.8 | 2019-06-03 | The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism… |
| CVE-2022-29808 | High | 7.5 | 2022-08-02 | In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. |
| CVE-2019-10973 | High | 7.2 | 2019-07-08 | Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting too… |
| CVE-2018-5404 | Medium | 6.5 | 2019-06-03 | The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potenti… |
| CVE-2022-38220 | Medium | 6.1 | 2023-03-01 | An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. |
| CVE-2019-13077 | Medium | 6.1 | 2019-11-06 | Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attack… |
| CVE-2019-12917 | Medium | 6.1 | 2019-11-06 | A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via t… |
| CVE-2019-11604 | Medium | 6.1 | 2019-05-24 | An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbot_service_notsoap.php is vulnerable to unauthenticated… |
| CVE-2019-13081 | Medium | 5.4 | 2019-11-06 | Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php servic… |
| CVE-2019-13080 | Medium | 5.4 | 2019-11-06 | Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to ex… |
| CVE-2018-5405 | Medium | 5.4 | 2019-06-03 | The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject… |