The Quest team received a report from Certezza regarding the following vulnerabilities involving the KACE System Management Appliance (SMA):
CVE-2019-12917 XSS vulnerability
CVE-2019-12918 SQL Injection vulnerability
CVE-2019-13076 SQL Injection vulnerability
CVE-2019-13077 XSS vulnerability
CVE-2019-13078 SQL Injection vulnerability
CVE-2019-13079 SQL Injection vulnerability
CVE-2019-13080 XSS vulnerability
CVE-2019-13081 XSS vulnerability
Quest takes the handling of vulnerabilities seriously, and we investigate and respond to all reported potential vulnerabilities. Our vulnerability reporting and response process can be found here.
All CVEs above (excluding CVE-2019-13080) have been resolved in our 10.0 release of the KACE SMA, which can be downloaded here.
CVE-2019-13080 has been resolved in the upcoming 10.1 release of the SMA.
These vulnerabilities were submitted by Certezza.