CVE-2017-12567

SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:quest:kace_asset_management_appliance:6.4.120822:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_asset_management_appliance:7.0:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_asset_management_appliance:7.0.121306:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_asset_management_appliance:7.1:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_asset_management_appliance:7.1.149:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_asset_management_appliance:7.2:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:quest:kace_systems_management_appliance:6.4.120822:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_systems_management_appliance:7.0:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_systems_management_appliance:7.0.121306:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_systems_management_appliance:7.1:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_systems_management_appliance:7.1.149:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_systems_management_appliance:7.2:*:*:*:*:*:*:*
cpe:2.3:a:quest:kace_systems_management_appliance:7.2.101:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:quest:k1000_as_a_service:7.0:*:*:*:*:*:*:*
cpe:2.3:a:quest:k1000_as_a_service:7.0.121306:*:*:*:*:*:*:*
cpe:2.3:a:quest:k1000_as_a_service:7.1:*:*:*:*:*:*:*
cpe:2.3:a:quest:k1000_as_a_service:7.1.149:*:*:*:*:*:*:*
cpe:2.3:a:quest:k1000_as_a_service:7.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-08-07 16:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-12567

Mitre link : CVE-2017-12567

CVE.ORG link : CVE-2017-12567


JSON object : View

Products Affected

quest

  • kace_systems_management_appliance
  • k1000_as_a_service
  • kace_asset_management_appliance
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')