VYPR

Kace Asset Management Appliance

by Quest

CVEs (2)

  • CVE-2017-12567CriAug 7, 2017
    risk 0.64cvss 9.8epss 0.01

    SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2.

  • CVE-2022-1401Aug 16, 2022
    risk 0.00cvss epss 0.18

    Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00.