Kace Systems Management Appliance
Approved changes feed: RSS · Atom
cpe:2.3:a:quest:kace_systems_management_appliance:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Quest (91a9bf17-30f5-5671-ad35-2f5777bc4995) |
|---|---|
| Product | Kace Systems Management Appliance (a52d0acc-247d-51b1-8382-6e06c05af917) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-32975 |
vulnerable | 2026-06-03 15:00:42.560927 |
Details available
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
Published: 2025-06-24T00:00:00.000Z
Updated: 2026-04-21T03:55:39.782Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-26850 |
vulnerable | 2026-06-03 15:00:08.553997 |
Details available
CRITICAL (9.3)
The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems.
Published: 2025-07-04T00:00:00.000Z
Updated: 2025-07-08T14:36:07.987Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23774 |
vulnerable | 2026-06-03 14:55:04.495001 |
Details available
An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with NT Authority\SYSTEM privileges.
Published: 2024-04-30T00:00:00.000Z
Updated: 2024-08-01T23:13:07.423Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23773 |
vulnerable | 2026-06-03 14:55:04.494659 |
Details available
An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\SYSTEM privileges.
Published: 2024-04-30T00:00:00.000Z
Updated: 2024-08-01T23:13:07.566Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-23772 |
vulnerable | 2026-06-03 14:55:04.494107 |
Details available
An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\SYSTEM privileges.
Published: 2024-04-30T00:00:00.000Z
Updated: 2024-08-09T20:52:13.632Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-38220 |
vulnerable | 2026-06-03 14:47:49.461072 |
Details available
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.
Published: 2023-02-28T00:00:00.000Z
Updated: 2025-03-18T15:09:57.932Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-30285 |
vulnerable | 2026-06-03 14:47:08.489028 |
Details available
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.
Published: 2022-08-02T21:38:53.000Z
Updated: 2024-08-03T06:48:34.881Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-29808 |
vulnerable | 2026-06-03 14:46:58.928825 |
Details available
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.
Published: 2022-08-02T21:35:42.000Z
Updated: 2024-08-03T06:33:42.690Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-29807 |
vulnerable | 2026-06-03 14:46:58.928372 |
Details available
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.
Published: 2022-08-02T21:42:14.000Z
Updated: 2024-08-03T06:33:42.790Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-11604 |
vulnerable | 2026-06-03 14:39:33.474180 |
Details available
An issue was discovered in Quest KACE Systems Management Appliance before 9.1. The script at /service/kbot_service_notsoap.php is vulnerable to unauthenticated reflected XSS when user-supplied input to the METHOD GET parameter is processed by the web application. Since the application does not properly validate and sanitize this parameter, it is possible to place arbitrary script code into the context of the same page.
Published: 2019-05-24T16:04:52.000Z
Updated: 2024-08-04T22:55:41.050Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-10973 |
vulnerable | 2026-06-03 14:39:25.245999 |
Details available
Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface.
Published: 2019-07-08T17:25:30.000Z
Updated: 2024-08-04T22:40:15.634Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.