Vulnerabilities (CVE)

Filtered by vendor Quest Subscribe
Filtered by product Kace Systems Deployment Appliance
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-33254 1 Quest 1 Kace Systems Deployment Appliance 2023-05-26 N/A 6.5 MEDIUM
There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials.