CyberSec.Space Logo
Back to CVE Browser

CVE-2021-44028

MEDIUM
5.5
CVSS Severity Score
EPSS Score0.1840%
EPSS Percentile9.72th
PublishedDec 22, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.

Affected Platforms (CPE)

📦
Quest

Kace Desktop Authority

>= 10.0 and < 11.2

References & Advisories

🔗 https://support.quest.com/kace-desktop-authority/kb/336098/quest-response-to-desktop-authority-vulnerabilities-prior-to-11-2
🔗 https://support.quest.com/kace-desktop-authority/kb/336098/quest-response-to-desktop-authority-vulnerabilities-prior-to-11-2

Related Vulnerabilities

CVE-2021-440299.8

An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code th...

CVE-2021-440319.8

An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertim...

CVE-2021-440306.1

Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefil...

CVE-2021-2732910.0

Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.