Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

CERT Coordination Center report update (4278314)

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

CERT Coordination Center report update
Description

The Quest team received a report from CERT Coordination Center regarding vulnerabilities involving the KACE System Management Appliance(SMA) below:

CVE-2018-5404 Blind SQL Injection Vulnerability
CVE-2018-5405 Stored XSS Vulnerability
CVE-2018-5406 Misconfigured CORS Vulnerability

Quest takes the handling of vulnerabilities seriously, and we investigate and respond to all reported potential vulnerabilities. Our vulnerability reporting and response process can be found here.
Resolution

Quest's investigation has determined that successful user authentication to the Admin or System user interfaces is required to take advantage of any of these vulnerabilities.

These vulnerabilities have been addressed in our 9.1 release of the KACE SMA which can be downloaded here.

Vulnerabilities submitted by CERT Coordination Center

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Request a KB Article

Leave a Comment

Recommended Content

Product(s):: KACE Systems Management Appliance; KACE as a Service

Topic(s):: Troubleshooting

Article History:: Created on: 5/21/2019
Last Update on: 5/7/2023

Search All Articles

© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center