Quest Kace K1000 Appliance vulnerabilities
3 known vulnerabilities affecting quest_kace/k1000_appliance.
Total CVEs: 3
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2018-5406 | P2 | HIGH | CVSS 8.8 | CWE-284 | PoC | ≥ 9.0.270, < 9.0.270 | 2019-06-03
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator account or changing the appliance’s settings. A malicious int
nvd
CVE-2018-5404 | P3 | MEDIUM | CVSS 6.5 | CWE-89 | PoC | ≥ 9.0.270, < 9.0.270 | 2019-06-03
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL
nvd
CVE-2018-5405 | P3 | MEDIUM | CVSS 5.4 | CWE-79 | PoC | ≥ 9.0.270, < 9.0.270 | 2019-06-03
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of other users including Administrator and take over their sessi
nvd