Reflected XSS Vulnerability in Quest KACE Systems Management Appliance
CVE-2019-12917

6.1 MEDIUM

Key Information:

Vendor: Quest
CVE Published: 6 November 2019

What is CVE-2019-12917?

A reflected XSS vulnerability has been identified in the Quest KACE Systems Management Appliance Server Center version 9.1.317. The issue is in the userui/software_library.php component, where improper handling of PATH_INFO allows an attacker to inject malicious scripts. Exploitation may enable unauthorized actions, potentially leading to unauthorized access or harmful interactions with users of the affected interface. Users are advised to apply the latest security patches and follow web application security best practices to mitigate the risk.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
