Vulnerability Description
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /userui/ticket_list.php, and affected parameters are order[0][column] and order[0][dir].
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quest | Kace Systems Management Appliance | 9.1.317 |
Related Weaknesses (CWE)
References
- https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-repVendor Advisory
- https://www.quest.com/products/kace-systems-management-appliance/Product
- https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-repVendor Advisory
- https://www.quest.com/products/kace-systems-management-appliance/Product
FAQ
What is CVE-2019-13076?
CVE-2019-13076 is a vulnerability with a CVSS score of 8.8 (HIGH). Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected com...
How severe is CVE-2019-13076?
CVE-2019-13076 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-13076?
Check the references section above for vendor advisories and patch information. Affected products include: Quest Kace Systems Management Appliance.