Summary
Detail | | | |
---|---|---|---|
Vendor | Ivanti | First view | 2019-06-03 |
Product | Landesk Management Suite | Last view | 2019-06-03 |
Version | 10.0.1.168 | Type | Application |
Update | service_update_5 | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:ivanti:landesk_management_suite | | |
Activity : Overall
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
9.8 | 2019-06-03 | CVE-2019-12377 | A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution. |
4.5 | 2019-06-03 | CVE-2019-12376 | Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges. |
6.3 | 2019-06-03 | CVE-2019-12375 | Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. |
8.1 | 2019-06-03 | CVE-2019-12374 | A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll. |
9 | 2019-06-03 | CVE-2019-12373 | Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
20% (1) | CWE-798 | Use of Hard-coded Credentials |
20% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
20% (1) | CWE-552 | Files or Directories Accessible to External Parties |
20% (1) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
20% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |