http://www.kace.com/support/kb/index.php?action=artikel&id=1120&artlang=en

VU#193529

The remote Dell KACE K2000 appliance is affected by multiple vulnerabilities :

  - The appliance stores the recovery account password in     plaintext within a PHP script. (CVE-2011-4046)

  - The appliance can allow arbitrary command execution by     leveraging database write access. (CVE-2011-4047)

  - An information disclosure vulnerability exists as the     appliance contains a default username and password for a     read-only reporting account. (CVE-2011-4048)

  - The appliance's web interface is affected by multiple     cross-site scripting (XSS) vulnerabilities.
    (CVE-2011-4436)

CVE-2011-4436

LOW

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

high