The Quest team received a report from the CERT Coordination Center regarding the following vulnerabilities in the KACE System Management Appliance (SMA):
CVE-2018-5404 Blind SQL Injection Vulnerability
CVE-2018-5405 Stored XSS Vulnerability
CVE-2018-5406 Misconfigured CORS Vulnerability
Quest takes the handling of vulnerabilities seriously, and we investigate and respond to all reported potential vulnerabilities. Our vulnerability reporting and response process can be found here.
Quest's investigation has determined that successful user authentication to the Admin or System user interfaces is required to take advantage of any of these vulnerabilities.
These vulnerabilities have been addressed in our 9.1 release of the KACE SMA, which can be downloaded here.
Vulnerabilities submitted by CERT Coordination Center