Vulnerability Description
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected component is /common/user_profile.php. The affected parameter is sort_column.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quest | Kace Systems Management Appliance | 9.1.317 |
Related Weaknesses (CWE)
References
- https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-repVendor Advisory
- https://www.quest.com/products/kace-systems-management-appliance/Product
- https://support.quest.com/kb/311388/quest-response-to-certezza-vulnerability-repVendor Advisory
- https://www.quest.com/products/kace-systems-management-appliance/Product
FAQ
What is CVE-2019-13078?
CVE-2019-13078 is a vulnerability with a CVSS score of 8.8 (HIGH). Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user has the ability to execute arbitrary commands against the database. The affected com...
How severe is CVE-2019-13078?
CVE-2019-13078 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-13078?
Check the references section above for vendor advisories and patch information. Affected products include: Quest Kace Systems Management Appliance.