Kapil Khot

Pesquisador deKordia Group Limited
#11549de 53,639
23.8CVSS total
Vulnerabilidades · 3
Média
1
Alta
2
PT-2025-15047
8.0
2025-04-05
Ibm · Ibm Maximo Application Suite · CVE-2025-1500
**Nome do Software Vulnerável e Versões Afetadas** IBM Maximo Application Suite versão 9.0 **Descrição** A vulnerabilidade permite que um usuário autenticado faça upload de arquivos com tipos perigosos que podem ser executados por outro usuário ao serem abertos. **Recomendações** Para o IBM Maximo Application Suite versão 9.0, considere restringir as capacidades de upload de arquivos para impedir o envio de tipos de arquivo perigosos até que uma correção esteja disponível. Como medida temporária, limite o acesso ao upload de arquivos apenas a usuários confiáveis e garanta que todos os arquivos carregados sejam minuciosamente verificados em busca de conteúdo malicioso.
PT-2019-10963
6.5
2019-06-03
Quest · Quest Kace K1000 Appliance · CVE-2018-5404
Name of the Vulnerable Software and Affected Versions: Quest Kace K1000 Appliance versions prior to 9.0.270 Description: The issue allows an authenticated, remote attacker with limited privileges to potentially exploit multiple Blind SQL Injection vulnerabilities. This could enable the attacker to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data. Recommendations: For versions prior to 9.0.270, update to version 9.0.270 or later to resolve the issue.
PT-2019-10965
9.3
2019-06-03
Quest · Quest Kace K1000 Appliance · CVE-2018-5406
Name of the Vulnerable Software and Affected Versions: Quest Kace K1000 Appliance versions prior to 9.0.270 Description: The issue allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could perform sensitive actions such as adding a new administrator account or changing the appliance’s settings. A malicious internal user could also gain administrator privileges and use the appliance to visit a malicious link that exploits this issue, causing the application to perform sensitive actions. Recommendations: For Quest Kace K1000 Appliance versions prior to 9.0.270, update to version 9.0.270 or later to resolve the issue. As a temporary workaround, consider restricting access to the appliance's settings and administrator account management functions until a patch is applied.