Quest KACE Systems Management Appliance
Moderate fix1 remedy
cpe:2.3:a:quest:kace_system_management_appliance:*:*:*:*:*:*:*, +3 more
Moderate fix1 remedy
- >= 14.1, < 14.1.101
Quest KACE Systems Management Appliance Unauthenticated Backup File Upload Vulnerability
Vulnerability
Patched
A vulnerability exists in Quest KACE Systems Management Appliance (SMA) versions 13.0.x prior to 13.0.385, 13.1.x prior to 13.1.81, 13.2.x prior to 13.2.183, 14.0.x prior to 14.0.341 (Patch 5), and 14.1.x prior to 14.1.101 (Patch 4). This vulnerability allows unauthenticated users to upload backup files to the system. Although signature validation is in place, flaws in the validation process can be exploited to inject malicious content into the backup files, potentially compromising system integrity.
Impact
The vulnerability allows unauthenticated users to upload backup files, with the possibility of injecting malicious data that could compromise the system's integrity.
Remediation
Quest has released patches for this vulnerability in KACE SMA versions 13.0.385, 13.1.81, 13.2.183, 14.0.341 (Patch 5), and 14.1.101 (Patch 4). Administrators are advised to update to one of these versions.
Added: Jun 24, 2025, 3:31 PM
Updated: Jun 24, 2025, 3:31 PM
Vulnerability Rating
Custom Algorithm
spread
3.1impact
2.5exploitability
7.4remediation
7.7relevance
0.2threat
0.0urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.