K1000 Appliance
by Quest Kace
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-5406 | Hig | 0.61 | 8.8 | 0.12 | Jun 3, 2019 | The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new… | ||
| CVE-2018-5404 | Med | 0.46 | 6.5 | 0.04 | Jun 3, 2019 | The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy… | ||
| CVE-2018-5405 | Med | 0.38 | 5.4 | 0.04 | Jun 3, 2019 | The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal… |
- risk 0.61cvss 8.8epss 0.12
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new…
- risk 0.46cvss 6.5epss 0.04
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy…
- risk 0.38cvss 5.4epss 0.04
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal…