Vulnerability Description
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quest | Kace Systems Management Appliance | <= 12.1 |
Related Weaknesses (CWE)
References
- https://support.quest.com/kb/339613Broken Link
- https://support.quest.com/kb/4368602/quest-response-to-kace-sma-vulnerability-cvVendor Advisory
- https://support.quest.com/kb/339613Broken Link
- https://support.quest.com/kb/4368602/quest-response-to-kace-sma-vulnerability-cvVendor Advisory
FAQ
What is CVE-2022-38220?
CVE-2022-38220 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.
How severe is CVE-2022-38220?
CVE-2022-38220 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-38220?
Check the references section above for vendor advisories and patch information. Affected products include: Quest Kace Systems Management Appliance.