-
Title
Quest response to Certezza vulnerability report -
Description
The Quest team received a report from Certezza regarding vulnerabilities involving the KACE System Management Appliance (SMA) below:
CVE-2019-12917 XSS vulnerability
CVE-2019-12918 SQL Injection vulnerability
CVE-2019-13076 SQL Injection vulnerability
CVE-2019-13077 XSS vulnerability
CVE-2019-13078 SQL Injection vulnerability
CVE-2019-13079 SQL Injection vulnerability
CVE-2019-13080 XSS vulnerability
CVE-2019-13081 XSS vulnerabilityQuest takes the handling of vulnerabilities seriously, and we investigate and respond to all reported potential vulnerabilities. Our vulnerability reporting and response process can be found here.
-
Resolution
All CVEs above (excluding CVE-2019-13080) have been resolved in our 10.0 release of the KACE SMA which can be downloaded here.
CVE-2019-13080 has been resolved in the upcoming 10.1 release of the SMA.
These vulnerabilities were submitted by Certezza