CNNVD-202506-3088 Information
CNNVD ID
CNNVD-202506-3088
Related CVE
- CNNVD Published: 2025-06-24
Description (Chinese)
Quest Software KACE Systems Management Appliance(Quest KACE SMA)是美国Quest Software公司的一个自动化和简化 IT 系统管理平台。 Quest Software KACE Systems Management Appliance存在安全漏洞,该漏洞源于SSO身份验证处理机制存在缺陷,可能导致完全接管管理员权限。以下版本受到影响:13.0.385之前版本、13.1.81之前版本、13.2.183之前版本、14.0.341之前版本和14.1.101之前版本。
Description (English)
Quest Software KACE Systems Management Application is an automated and simplified IT management platform for Quest KACESM. There is a security loophole in Quest Software KACE Systems Management Application, which stems from deficiencies in the SSO identification processing mechanism, which may lead to the full assumption of administrator authority. The following versions were affected: pre-13.0.385, pre-1.3.81, pre-13.2.183, pre-14.0341 and pre-14.1.101.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
Quest Software
Published
2025-06-24
Last Modified
2026-02-24
References
https://seclists.org/fulldisclosure/2025/Jun/22 https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 https://seralys.com/research/CVE-2025-32975.txt https://access.redhat.com/security/cve/cve-2025-32975
Patch
https://support.quest.com/kace-systems-management-appliance/14.1/download-new-releases
Share on: