Skip to content

An issue was discovered in Quest KACE Desktop Authority...

Critical severity Unreviewed Published Dec 23, 2021 to the GitHub Advisory Database • Updated Feb 3, 2023

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

An issue was discovered in Quest KACE Desktop Authority before 11.2. /dacomponentui/profiles/profileitems/outlooksettings/Insertimage.aspx contains a vulnerability that could allow pre-authentication remote code execution. An attacker could upload a .ASP file to reside at /images/{GUID}/{filename}.

References

Published by the National Vulnerability Database Dec 22, 2021
Published to the GitHub Advisory Database Dec 23, 2021
Last updated Feb 3, 2023

Severity

Critical

EPSS score

3.556%
(92nd percentile)

Weaknesses

CVE ID

CVE-2021-44031

GHSA ID

GHSA-8q8x-2f93-mwpm

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.