- How many CVEs does Quest have?
- Quest has 149 published CVE records since 2012, including 15 in the last two years.
- How many Quest CVEs are in CISA KEV?
- Yes — 2 of Quest's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Quest products have the most CVEs?
- The Quest products with the most published CVEs are disk backup, NetVault Backup, Quest NetVault Backup, KACE Systems Management Appliance, policy authority for unified communications.
- What are the most common weakness types in Quest CVEs?
- Quest's CVEs most often map to these CWE weakness types: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-287 (Improper Authentication).
- Are there public exploits for Quest vulnerabilities?
- Yes — 68 of Quest's CVEs have a known public exploit.
- How many critical Quest vulnerabilities are there?
- Quest has 43 critical and 75 high-severity CVEs.
- What is the average severity of Quest CVEs?
- The average CVSS base score across Quest's scored CVEs is 8.4.