Quest Kace_systems_management_appliance
19 CVEs affecting Quest Kace_systems_management_appliance. Latest disclosed: 2025-06-24. Critical: 5, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-32975 | Critical | 10.0 | 2025-06-24 | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1… |
| CVE-2022-30285 | Critical | 9.8 | 2022-08-02 | In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid c… |
| CVE-2022-29807 | Critical | 9.8 | 2022-08-02 | A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_ag… |
| CVE-2019-12918 | Critical | 9.8 | 2019-11-06 | Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected pa… |
| CVE-2017-12567 | Critical | 9.8 | 2017-08-07 | SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a S… |
| CVE-2019-13079 | High | 8.8 | 2019-11-06 | Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary comman… |
| CVE-2019-13078 | High | 8.8 | 2019-11-06 | Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary comman… |
| CVE-2019-13076 | High | 8.8 | 2019-11-06 | Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary comman… |
| CVE-2018-5406 | High | 8.8 | 2019-06-03 | The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism… |
| CVE-2022-29808 | High | 7.5 | 2022-08-02 | In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. |
| CVE-2019-10973 | High | 7.2 | 2019-07-08 | Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting too… |
| CVE-2018-5404 | Medium | 6.5 | 2019-06-03 | The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potenti… |
| CVE-2022-38220 | Medium | 6.1 | 2023-03-01 | An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. |
| CVE-2019-13077 | Medium | 6.1 | 2019-11-06 | Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the sam_detail_titled.php SAM_TYPE parameter) that allows an attack… |
| CVE-2019-12917 | Medium | 6.1 | 2019-11-06 | A reflected XSS vulnerability exists in Quest KACE Systems Management Appliance Server Center 9.1.317 affecting the userui/software_library.php component via t… |
| CVE-2019-11604 | Medium | 6.1 | 2019-05-24 | An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbot_service_notsoap.php is vulnerable to unauthenticated… |
| CVE-2019-13081 | Medium | 5.4 | 2019-11-06 | Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php servic… |
| CVE-2019-13080 | Medium | 5.4 | 2019-11-06 | Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to ex… |
| CVE-2018-5405 | Medium | 5.4 | 2019-06-03 | The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject… |