Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ivanti | First view | 2019-06-03 |
| Product | Landesk Management Suite | Last view | 2019-06-03 |
| Version | 10.0.1.168 | Type | Application |
| Update | service_update_5 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:ivanti:landesk_management_suite | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2019-06-03 | CVE-2019-12377 | A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution. |
| 4.5 | 2019-06-03 | CVE-2019-12376 | Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges. |
| 6.3 | 2019-06-03 | CVE-2019-12375 | Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. |
| 8.1 | 2019-06-03 | CVE-2019-12374 | A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll. |
| 9 | 2019-06-03 | CVE-2019-12373 | Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 20% (1) | CWE-798 | Use of Hard-coded Credentials |
| 20% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 20% (1) | CWE-552 | Files or Directories Accessible to External Parties |
| 20% (1) | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| 20% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
