← Back

Quest

quest

134 CVEs • 17 products

Products (17)

Click to collapse
Toggle
Disk Backup
disk_backup
52 CVEs
Netvault Backup
netvault_backup
25 CVEs
Kace Systems Management Appliance
kace_systems_management_appliance
16 CVEs
Policy Authority For Unified Communications
policy_authority_for_unified_communications
13 CVEs
Kace System Management Appliance
kace_system_management_appliance
11 CVEs
Kace Desktop Authority
kace_desktop_authority
5 CVEs
Kace Systems Management Appliance Firmware
kace_systems_management_appliance_firmware
3 CVEs
Intrust
intrust
2 CVEs
Toad For Data Analysts
toad_for_data_analysts
1 CVE
Privilege Manager
privilege_manager
1 CVE
Privilege Manager For Unix
privilege_manager_for_unix
1 CVE
Kace Asset Management Appliance
kace_asset_management_appliance
1 CVE
K1000 As A Service
k1000_as_a_service
1 CVE
Kace Systems Management
kace_systems_management
1 CVE
Foglight Evolve
foglight_evolve
1 CVE
Kace Systems Deployment Appliance
kace_systems_deployment_appliance
1 CVE
One Identity
one_identity
1 CVE

CVEs (134)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-67813
1Quest
1Kace Desktop Authority
Jan 20, 2026
Jan 12, 2026
N/A· v4
5.3 MEDIUM· v3
N/A· v2
Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication
CVE-2025-56689
1Quest
1One Identity
Sep 16, 2025
Sep 3, 2025
N/A· v4
4.6 MEDIUM· v3
N/A· v2
One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password (OTP)/Multifactor Authentication (MFA) bypass using response manipulation. An attacker who intercepts or c...Show more
One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password (OTP)/Multifactor Authentication (MFA) bypass using response manipulation. An attacker who intercepts or captures a valid OTP response can bypass the OTP verification step by replaying the same response. NOTE: this is disputed by the Supplier because, by design, the product successfully authenticates a client that possesses a cookie whose validity time interval includes the current time, and thus authentication after any type of "interception" is not a violation of the security model. (The cookie has the HttpOnly attribute.)Show less
CVE-2025-32975
1Quest
1Kace Systems Management Appliance
Apr 21, 2026
Jun 24, 2025
N/A· v4
10.0 CRITICAL· v3
N/A· v2
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypas...Show more
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.Show less
CVE-2023-33254
1Quest
1Kace Systems Deployment Appliance
Jan 31, 2025
May 21, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an...Show more
There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials.Show less
CVE-2022-38220
1Quest
1Kace Systems Management Appliance
Mar 18, 2025
Mar 1, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.
CVE-2022-30285
1Quest
1Kace Systems Management Appliance
Nov 21, 2024
Aug 2, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.
CVE-2022-29808
1Quest
1Kace Systems Management Appliance
Nov 21, 2024
Aug 2, 2022
N/A· v4
7.5 HIGH· v3
N/A· v2
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.
CVE-2022-29807
1Quest
1Kace Systems Management Appliance
Nov 21, 2024
Aug 2, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.
CVE-2021-44031
1Quest
1Kace Desktop Authority
Nov 21, 2024
Dec 22, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code executio...Show more
An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}.Show less
CVE-2021-44030
1Quest
1Kace Desktop Authority
Nov 21, 2024
Dec 22, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery.
CVE-2021-44029
1Quest
1Kace Desktop Authority
Nov 21, 2024
Dec 22, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An at...Show more
An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function of ASP.NET AJAX. An attacker can leverage this vulnerability when the encryption keys are known (due to the presence of CVE-2017-11317, CVE-2017-11357, or other means). A default setting for the type whitelisting feature in more current versions of ASP.NET AJAX prevents exploitation.Show less
CVE-2021-44028
1Quest
1Kace Desktop Authority
Nov 21, 2024
Dec 22, 2021
N/A· v4
5.5 MEDIUM· v3
4.3 MEDIUM· v2
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.
CVE-2020-35727
1Quest
1Policy Authority For Unified Communications
Nov 21, 2024
Jan 11, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. NOTE: This vulnerability...Show more
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainerShow less
CVE-2020-35726
1Quest
1Policy Authority For Unified Communications
Nov 21, 2024
Jan 11, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter. NOT...Show more
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainerShow less
CVE-2020-35725
1Quest
1Policy Authority For Unified Communications
Nov 21, 2024
Jan 11, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. NOTE: This vulnerabilit...Show more
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainerShow less
CVE-2020-35724
1Quest
1Policy Authority For Unified Communications
Nov 21, 2024
Jan 11, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter (or indirectly via the cpr, tcp...Show more
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter (or indirectly via the cpr, tcp, or abs parameter). NOTE: This vulnerability only affects products that are no longer supported by the maintainerShow less
CVE-2020-35723
1Quest
1Policy Authority For Unified Communications
Nov 21, 2024
Jan 11, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter. NOTE: This vulnerab...Show more
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainerShow less
CVE-2020-35722
1Quest
1Policy Authority For Unified Communications
Nov 21, 2024
Jan 11, 2021
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affect...Show more
CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainerShow less
CVE-2020-35721
1Quest
1Policy Authority For Unified Communications
Nov 21, 2024
Jan 11, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do file via the title parameter. NOTE: This vulnerabili...Show more
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainerShow less
CVE-2020-35720
1Quest
1Policy Authority For Unified Communications
Nov 21, 2024
Jan 11, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file. NOT...Show more
Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainerShow less