CVE-2017-12567

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:quest:kace_asset_management_appliance:6.4.120822:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_asset_management_appliance:7.0:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_asset_management_appliance:7.0.121306:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_asset_management_appliance:7.1:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_asset_management_appliance:7.1.149:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_asset_management_appliance:7.2:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:quest:kace_systems_management_appliance:6.4.120822:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_systems_management_appliance:7.0:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_systems_management_appliance:7.0.121306:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_systems_management_appliance:7.1:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_systems_management_appliance:7.1.149:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_systems_management_appliance:7.2:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_systems_management_appliance:7.2.101:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:quest:k1000_as_a_service:7.0:*:*:*:*:*:*:*
cpe:2.3:a:quest:k1000_as_a_service:7.0.121306:*:*:*:*:*:*:*
cpe:2.3:a:quest:k1000_as_a_service:7.1:*:*:*:*:*:*:*
cpe:2.3:a:quest:k1000_as_a_service:7.1.149:*:*:*:*:*:*:*
cpe:2.3:a:quest:k1000_as_a_service:7.2:*:*:*:*:*:*:*

History

21 Nov 2024, 03:09

Type Values Removed Values Added
References () https://support.quest.com/kace-systems-management-appliance/kb/231874 - Vendor Advisory () https://support.quest.com/kace-systems-management-appliance/kb/231874 - Vendor Advisory

Information

Published : 2017-08-07 16:29

Updated : 2024-11-21 03:09


NVD link : CVE-2017-12567

Mitre link : CVE-2017-12567

CVE.ORG link : CVE-2017-12567


JSON object : View

Products Affected

quest

  • kace_asset_management_appliance
  • kace_systems_management_appliance
  • k1000_as_a_service
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')