VYPR

K1000 Appliance

by Quest Kace

CVEs (3)

  • CVE-2018-5406HigJun 3, 2019
    risk 0.61cvss 8.8epss 0.12

    The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new…

  • CVE-2018-5404MedJun 3, 2019
    risk 0.46cvss 6.5epss 0.04

    The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy…

  • CVE-2018-5405MedJun 3, 2019
    risk 0.38cvss 5.4epss 0.04

    The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal…