CVE Tools

quest

Enterprise SoftwareUScommercial

105

Cumulative CVEs

7

Monthly snapshots

#15

Peak rank

Top products

kace desktop authority4

Latest CVEs

The 15 most recently published vulnerabilities affecting quest.

CVE-2025-67813Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication5.3Jan 12, 2026
CVE-2025-56689One Identity by Quest Safeguard for Privileged Passwords Appliance 7.5.1.20903 is vulnerable to One Time Password (OTP)/Multifactor Authentication (MFA) bypass using response manipulation. An attac...4.6Sep 3, 2025
CVE-2025-26850The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems.9.3Jul 4, 2025
CVE-2025-32975Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains ...KEV10.0Jun 24, 2025
CVE-2023-33254There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domai...6.5May 21, 2023
CVE-2022-38220An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.6.1Feb 28, 2023
CVE-2022-29807A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.9.8Aug 2, 2022
CVE-2022-30285In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.9.8Aug 2, 2022
CVE-2022-29808In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.7.5Aug 2, 2022
CVE-2021-44029An issue was discovered in Quest KACE Desktop Authority before 11.2. This vulnerability allows attackers to execute remote code through a deserialization exploitation in the RadAsyncUpload function...9.8Dec 22, 2021
CVE-2021-44031An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authenticati...9.8Dec 22, 2021
CVE-2021-44030Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery.6.1Dec 22, 2021
CVE-2021-44028XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285.5.5Dec 22, 2021
CVE-2020-35727Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. N...5.4Jan 11, 2021
CVE-2020-35726Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file vi...6.1Jan 11, 2021