CVE-2018-5404
- EPSS 0.46%
- Veröffentlicht 03.06.2019 19:29:01
- Zuletzt bearbeitet 21.11.2024 04:08:45
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information...
CVE-2018-5405
- EPSS 4.35%
- Veröffentlicht 03.06.2019 19:29:01
- Zuletzt bearbeitet 21.11.2024 04:08:45
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious use...
CVE-2018-5406
- EPSS 16.48%
- Veröffentlicht 03.06.2019 19:29:01
- Zuletzt bearbeitet 21.11.2024 04:08:45
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive...