Vulnerabilities > Ivanti > Landesk Management Suite

DATE CVE VULNERABILITY TITLE RISK
2019-06-03 CVE-2019-12377 Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Landesk Management Suite 10.0.1.168
A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution.
network
low complexity
ivanti CWE-434
critical
9.8
2019-06-03 CVE-2019-12376 Use of Hard-coded Credentials vulnerability in Ivanti Landesk Management Suite 10.0.1.168
Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges.
low complexity
ivanti CWE-798
4.5
2019-06-03 CVE-2019-12375 Files or Directories Accessible to External Parties vulnerability in Ivanti Landesk Management Suite 10.0.1.168
Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution.
low complexity
ivanti CWE-552
6.3
2019-06-03 CVE-2019-12374 SQL Injection vulnerability in Ivanti Landesk Management Suite 10.0.1.168
A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll.
network
high complexity
ivanti CWE-89
8.1
2019-06-03 CVE-2019-12373 Incorrect Permission Assignment for Critical Resource vulnerability in Ivanti Landesk Management Suite 10.0.1.168
Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords.
low complexity
ivanti CWE-732
critical
9.0
2017-01-23 CVE-2016-3147 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ivanti Landesk Management Suite 10.0.0.271/9.60.0.244
Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet.
network
low complexity
ivanti CWE-119
critical
9.8