Back to search
CVE-2018-5404
Published: Jun 3, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data.
| Vendor | Product | Versions |
|---|---|---|
Quest Kace | K1000 Appliance | affected 9.0.270 - < 9.0.270 |
Weaknesses (CWE)
References
VU#877837
third-party-advisory
x_refsource_CERT-VN
https://support.quest.com/kb/288310/cert-coordination-center-report-update
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now