Quest

Kace Systems Management Appliance

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2025-26850

  • EPSS 0.02%
  • Veröffentlicht 04.07.2025 00:00:00
  • Zuletzt bearbeitet 08.07.2025 16:18:53

The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems.

7.5

CVE-2025-32978

  • EPSS 0.25%
  • Veröffentlicht 24.06.2025 00:00:00
  • Zuletzt bearbeitet 03.11.2025 20:18:29

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to replace system licenses throug...

9.6

CVE-2025-32977

  • EPSS 0.06%
  • Veröffentlicht 24.06.2025 00:00:00
  • Zuletzt bearbeitet 03.11.2025 20:18:29

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to upload backup files to the sys...

8.8

CVE-2025-32976

  • EPSS 0.16%
  • Veröffentlicht 24.06.2025 00:00:00
  • Zuletzt bearbeitet 03.11.2025 20:18:29

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains a logic flaw in its two-factor authentication impleme...

10

CVE-2025-32975

  • EPSS 0.16%
  • Veröffentlicht 24.06.2025 00:00:00
  • Zuletzt bearbeitet 03.11.2025 20:18:29

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows at...

7.8

CVE-2024-23774

  • EPSS 0.52%
  • Veröffentlicht 30.04.2024 14:15:15
  • Zuletzt bearbeitet 21.11.2024 08:58:23

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with...

7.8

CVE-2024-23773

  • EPSS 0.33%
  • Veröffentlicht 30.04.2024 14:15:15
  • Zuletzt bearbeitet 21.11.2024 08:58:22

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\SYSTEM privileges.

6.6

CVE-2024-23772

  • EPSS 0.17%
  • Veröffentlicht 30.04.2024 14:15:14
  • Zuletzt bearbeitet 21.11.2024 08:58:22

An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their...

6.1

CVE-2022-38220

  • EPSS 0.27%
  • Veröffentlicht 01.03.2023 00:15:10
  • Zuletzt bearbeitet 18.03.2025 15:15:41

An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.

9.8

CVE-2022-29807

  • EPSS 2.02%
  • Veröffentlicht 02.08.2022 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:59:43

A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.