Return
-
Title
Quest response to KACE SMA vulnerability: CVE-2022-38220 -
Description
The Quest team has been made aware regarding vulnerabilities involving the KACE System Management Appliance product below:
CVE-2022-38220 : XSS Vulnerability from API
Quest takes handling of vulnerabilities seriously, and we investigate and respond to all reported potential vulnerabilities. Our vulnerability reporting and response process can be found here. -
Cause
CVE-2022-38220 : An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. -
Resolution
The KACE SMA vulnerability reported under CVE-2022-38220 is resolved in the latest KACE SMA version 13.0, available for download at the support portal or for automatic update through the KACE SMA adminui Settings | Appliance Updates.