Vulnerability Description
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data.
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quest | Kace Systems Management Appliance Firmware | < 9.0.270 |
| Quest | Kace Systems Management Appliance | - |
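The affected range above is "versions prior to 9.0.270", which is only useful to a defender if version strings are compared numerically rather than as text (as strings, "9.0.90" sorts after "9.0.270", yet 9.0.90 is an affected build). The following is an added example, not code from the CVE record or from Quest: it parses dotted firmware versions into integer tuples and flags inventory entries that fall below 9.0.270. The hostnames and version strings in the inventory are constructed sample data.

```python
"""Added example (not part of the CVE record or Quest's own tooling).

Flags KACE Systems Management Appliance entries whose reported firmware
version is prior to 9.0.270, the affected range for CVE-2018-5404.
The inventory below is constructed sample data with hypothetical hostnames.
"""

from typing import Dict, List, Tuple

# First version outside the affected range ("versions prior to 9.0.270").
FIXED_VERSION = "9.0.270"


def parse_version(version: str) -> Tuple[int, ...]:
    """Convert a dotted version string into a tuple of ints.

    Comparing tuples of ints gives numeric ordering (9.0.90 < 9.0.270),
    whereas comparing the raw strings would give lexicographic ordering
    ("9.0.90" > "9.0.270" because '9' > '2').  Trailing non-digit suffixes
    on a component (e.g. "270-hotfix") are ignored; a component with no
    leading digits is treated as an error rather than silently skipped.
    """
    parts: List[int] = []
    for component in version.strip().split("."):
        digits = ""
        for ch in component:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            raise ValueError(f"unparseable version component {component!r} in {version!r}")
        parts.append(int(digits))
    return tuple(parts)


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is strictly lower than the first fixed version.

    A shorter tuple such as (9, 0) compares lower than (9, 0, 270), so a
    truncated version report like "9.0" is conservatively treated as affected.
    """
    return parse_version(version) < parse_version(fixed)


# Constructed sample inventory: hostname -> reported firmware version.
SAMPLE_INVENTORY: Dict[str, str] = {
    "kace-hq.example.internal": "9.0.270",
    "kace-lab.example.internal": "8.1.108",
    "kace-branch.example.internal": "9.0.90",
    "kace-dr.example.internal": "10.0.290",
}


def affected_hosts(inventory: Dict[str, str]) -> List[str]:
    """Return the sorted hostnames whose version is in the affected range."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is prior to {FIXED_VERSION}; "
              f"in the affected range for CVE-2018-5404")
```

In the sample data only the 8.1.108 and 9.0.90 entries are flagged; 9.0.270 itself and 10.0.290 are outside the affected range. Feed `affected_hosts` a real inventory export (hostname to version) to get the same check across a fleet.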
Related Weaknesses (CWE)
References
- https://support.quest.com/kb/288310/cert-coordination-center-report-update (Vendor Advisory)
- https://www.kb.cert.org/vuls/id/877837/ (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2018-5404?
CVE-2018-5404 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database.
How severe is CVE-2018-5404?
CVE-2018-5404 has been rated MEDIUM with a CVSS base score of 6.5/10. Note that the required privileges are the lowest available ('User Console Only' role), so any account that can log in to the user console is sufficient.
Is there a patch for CVE-2018-5404?
Check the references section above for vendor advisories and patch information. The affected range is versions prior to 9.0.270, so appliances running 9.0.270 or later are outside it. Affected products include: Quest Kace Systems Management Appliance Firmware, Quest Kace Systems Management Appliance.