RSS   Vulnerabilities for 'Kace desktop authority'   RSS

2021-12-22
 
CVE-2021-44030

CWE-79
 

 
Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery.

 
 
CVE-2021-44031

CWE-434
 

 
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}.

 

 >>> Vendor: Quest 13 Products
Toad for data analysts
Intrust
Netvault backup
Privilege manager
Privilege manager for unix
Kace asset management appliance
Kace systems management appliance
K1000 as a service
Kace system management appliance
Kace systems management
Foglight evolve
Policy authority for unified communications
Kace desktop authority


Copyright 2024, cxsecurity.com

 

Back to Top