KACE Systems Management Appliance Product Notification

Security Vulnerability

A hotfix has been created to address a potential security vulnerability. This hotfix applies to SMA versions: 7.0, 7.1, 7.2, 8.0, and 8.1. 

 

NOTE: KACE SMA versions 9.0.270 and later include these security fixes.

 

You may download the hotfix and install it immediately, or wait for update distribution via the advertised appliance upgrade process. We encourage everyone to upgrade at their earliest convenience.

 

https://support.quest.com/download-install-detail/6086148

 

NOTE: Applying the hotfix will FORCE A REBOOT on the SMA (K1000).

To apply the security hotfix:

1. Download the attachment referenced in the link above: k1_patch_SEC2018_20180410.kbin
2. Go to Settings | Appliance Updates
3. Use the Choose Action in the Manually Update section and navigate to the file downloaded in step 1
4. Click Update
 
After the reboot, to confirm that the process completed as expected, please view Settings | Logs and change the drop-down to Updates.  The logs should state that the security hotfix was applied.

 

After the hotfix is applied or the appliance is updated via the appliance upgrade distribution process, the following versions will contain the fix for the potential security vulnerability:

 

7.0.121307

7.1.150

7.2.103

8.0.320

8.1.108 

9.0.270 or later

 

If you are running a version older than 7.0, it is highly recommended that you upgrade to 7.0.121307 (hot fixed version) at a minimum.

 

Q. What is the security vulnerability?
A. We found areas of the code where SQL/Command Injections and XSS might occur.

Q. What areas of the product does this vulnerability affect?

A. Provisioning, Service Desk Email, Error handling, Settings, Reporting, KB Articles.

Q. Do I need to upgrade to the latest version of the product?

A. We recommend at the very minimum that customers apply the hotfix.  All subsequent version upgrades (from 7.0) will contain the security vulnerability fix.  In this ever-changing landscape, KACE continually reviews external and third-party impact to the appliance security and implements changes as needed.

Q. How can I confirm that my appliance is at risk?

A. If you are on one of the affected versions, you may be at risk. However, we are not aware of any of these vulnerabilities being exploited to date.

 

Q. How can I be sure my appliance is no longer susceptible to this security vulnerability?

A. Please ensure that your current product version is one of those including the fix for the security vulnerability.  These versions have been published. You can verify your version by going to the appliance About page.
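For sites with several appliances, the version check described above can be scripted. The following is an added example, not Quest/KACE code: it classifies version strings read from each appliance's About page against the fixed builds listed in this notice. The function names and the sample inventory are constructed, and it assumes build numbers only increase within a branch.

```python
# Added example: classify KACE SMA version strings against the fixed builds
# listed in this notice. Names and sample inventory values are constructed.

# Minimum fixed build per affected branch, taken from the notice.
FIXED_BUILDS = {(7, 0): 121307, (7, 1): 150, (7, 2): 103, (8, 0): 320, (8, 1): 108}
FIRST_FIXED_RELEASE = (9, 0, 270)  # "9.0.270 or later"
OLDEST_SUPPORTED = (7, 0)          # anything older is out of support


def parse_version(text):
    """Turn 'major.minor.build' into a tuple of ints; raise ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected major.minor.build, got {text!r}")
    return tuple(int(p) for p in parts)


def classify(text):
    """Return 'fixed', 'needs_hotfix', 'unsupported' or 'unknown'."""
    major, minor, build = parse_version(text)
    branch = (major, minor)
    if branch < OLDEST_SUPPORTED:
        return "unsupported"
    if (major, minor, build) >= FIRST_FIXED_RELEASE:
        return "fixed"
    if branch in FIXED_BUILDS:
        # Assumption: build numbers only increase within a branch.
        return "fixed" if build >= FIXED_BUILDS[branch] else "needs_hotfix"
    # Branch or build not covered by the notice; check manually.
    return "unknown"


def audit(inventory):
    """Map each appliance name to its status; malformed versions become 'unknown'."""
    report = {}
    for name, version in inventory.items():
        try:
            report[name] = classify(version)
        except ValueError:
            report[name] = "unknown"
    return report


if __name__ == "__main__":
    # Constructed sample inventory: appliance name -> version from the About page.
    sample = {"sma-hq": "8.1.107", "sma-lab": "7.0.121307", "sma-old": "6.4.1"}
    for name, status in audit(sample).items():
        print(f"{name}: {status}")
```

A result of "unknown" means the notice does not cover that branch or build, so the appliance needs a manual check.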

Q. Will this affect me if my appliance isn’t externally exposed to the internet?
A. To avoid any potential risk, we recommend applying the fix to all affected appliances.

Q. Will this patch affect any other functionality?
A. No.

Q. What if I am on an older version?
A. Any version before 7.0 is no longer supported.  We recommend you upgrade to a supported version. Please refer to the Software Product Lifecycle for additional information:

https://support.quest.com/k1000-systems-management-appliance/lifecycle

https://support.quest.com/k2000-systems-deployment-appliance/lifecycle

 

Q. Do these vulnerabilities affect the KACE Agent installed on my endpoints?
A. No.
