CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-12918

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile4.98th
Published2019年11月6日
Last Modified2024年11月21日

Vulnerability Description

Quest KACE Systems Management Appliance Server Center version 9.1.317 is vulnerable to SQL injection. The affected file is software_library.php and affected parameters are order[0][column] and order[0][dir].

Affected Platforms (CPE)

📦
Quest

Kace Systems Management Appliance

= 9.1.317

References & Advisories

🔗 https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-report
🔗 https://www.quest.com/products/kace-systems-management-appliance/
🔗 https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-report
🔗 https://www.quest.com/products/kace-systems-management-appliance/

関連する脆弱性情報

CVE-2018-111369.8

The 'orgID' parameter received by the '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance ...

CVE-2017-125679.8

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 thro...

CVE-2019-205049.8

service/krashrpt.php in Quest KACE K1000 Systems Management Appliance before 6.4 SP3 (6.4.120822) allows a remote attacker to exec...

CVE-2018-111389.8

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous...