KACE Desktop Authority
by Quest
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-44031 | Cri | 0.64 | 9.8 | 0.02 | Dec 22, 2021 | An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at… | ||
| CVE-2021-44029 | Cri | 0.64 | 9.8 | 0.01 | Dec 22, 2021 | An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption… | ||
| CVE-2021-44030 | Med | 0.40 | 6.1 | 0.04 | Dec 22, 2021 | Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery. | ||
| CVE-2021-44028 | Med | 0.36 | 5.5 | 0.03 | Dec 22, 2021 | XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285. | ||
| CVE-2025-67813 | 0.00 | — | 0.00 | Jan 12, 2026 | Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication |
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at…
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption…
- risk 0.40cvss 6.1epss 0.04
Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery.
- risk 0.36cvss 5.5epss 0.03
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.
- CVE-2025-67813Jan 12, 2026risk 0.00cvss —epss 0.00
Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication