Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing denial of service.
Metrics
Affected Vendors & Products
References
History
Tue, 24 Jun 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-306 | |
Metrics |
cvssV3_1
|
Tue, 24 Jun 2025 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing denial of service. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published: 2025-06-24T00:00:00.000Z
Updated: 2025-06-24T15:01:02.605Z
Reserved: 2025-04-15T00:00:00.000Z
Link: CVE-2025-32978

Updated: 2025-06-24T15:00:17.401Z

Status : Awaiting Analysis
Published: 2025-06-24T15:15:24.260
Modified: 2025-06-26T18:58:14.280
Link: CVE-2025-32978

No data.