CVE-2018-5404

Published: 03/06/2019 | Updated: 09/10/2019
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 405
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

The Quest Kace K1000 Appliance, versions before 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data.

Vulnerable Product

quest kace_systems_management_appliance_firmware

Exploits

# Exploit Title: [Dell Kace Appliance Multiple Vulnerabilities]
# Date: [12/04/2018]
# Exploit Author: [SlidingWindow], Twitter: @kapil_khot
# Vendor Homepage: [www.quest.com/products/kace-systems-management-appliance/]
# Affected Versions: [KACE SMA versions prior to 9.0.270 PATCH SEC2018_20180410]
# Tested on: [Quest Kace K1000 Appliance ...

Dell KACE System Management Appliance (SMA) versions prior to 9.0.270 patch SEC2018_20180410 suffer from cross-site scripting and remote SQL injection vulnerabilities ...