Filtered by vendor Quest
Total: 130 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38220 | 1 Quest | 1 Kace Systems Management Appliance | 2023-03-06 | N/A | 6.1 MEDIUM |
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. | |||||
CVE-2018-11135 | 1 Quest | 1 Kace System Management Appliance | 2022-12-02 | 6.0 MEDIUM | 8.8 HIGH |
The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks. | |||||
CVE-2022-30285 | 1 Quest | 1 Kace Systems Management Appliance | 2022-08-10 | N/A | 9.8 CRITICAL |
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials. | |||||
CVE-2022-29808 | 1 Quest | 1 Kace Systems Management Appliance | 2022-08-10 | N/A | 7.5 HIGH |
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. | |||||
CVE-2022-29807 | 1 Quest | 1 Kace Systems Management Appliance | 2022-08-10 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. | |||||
CVE-2020-35205 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to scan internal ports and make outbound connections via the initFile.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2020-35203 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2020-35204 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-04-25 | 4.3 MEDIUM | 6.1 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the PolicyAuthority/Common/FolderControl.jsp file via the unqID parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2020-35719 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2020-35721 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-03-29 | 3.5 LOW | 5.4 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2020-35720 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-03-29 | 3.5 LOW | 5.4 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2020-35206 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the cConn.jsp file via the ur parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2020-35722 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-03-29 | 4.3 MEDIUM | 6.5 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2020-35723 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-03-29 | 3.5 LOW | 5.4 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2020-35724 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-03-29 | 3.5 LOW | 5.4 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter (or indirectly via the cpr, tcp, or abs parameter). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2020-35727 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-03-29 | 3.5 LOW | 5.4 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2020-35726 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2020-35725 | 1 Quest | 1 Policy Authority For Unified Communications | 2022-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2021-44029 | 1 Quest | 1 Kace Desktop Authority | 2022-01-03 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known (due to the presence of CVE-2017-11317, CVE-2017-11357, or other means). A default setting for the type whitelisting feature in more current versions of ASP.NET AJAX prevents exploitation. | |||||
CVE-2021-44028 | 1 Quest | 1 Kace Desktop Authority | 2022-01-03 | 4.3 MEDIUM | 5.5 MEDIUM |
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285. |