Reflected XSS in Quest KACE Systems Management Appliance
CVE-2019-11604

6.1 MEDIUM

Key Information:

Vendor: Quest

CVE Published: 24 May 2019

What is CVE-2019-11604?

A vulnerability in the Quest KACE Systems Management Appliance allows unauthenticated reflected XSS: the /service/kbot_service_notsoap.php script does not sufficiently validate and sanitize user-supplied input in the METHOD GET parameter. An attacker can use this flaw to execute arbitrary script code in the context of the affected page, posing significant security risks to users.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
