Return
-
Title
Quest response to KACE SMA vulnerabilities: CVE-2022-29807 -
Description
The Quest team has been made aware regarding a vulnerability involving the KACE System Management Appliance product below:
Quest takes handling of vulnerabilities seriously, and we investigate and respond to all reported potential vulnerabilities. Our vulnerability reporting and response process can be found here. -
Cause
CVE-2022-29807: A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution. -
Resolution
The KACE SMA vulnerability reported under CVE-2022-29807 is resolved in version 12.1.168 of the KACE Systems Management Appliance, available for download here.
If unable to upgrade to the latest version at this time, please refer to KACE SMA April 2022 Critical Security Hotfix.