Vulnerabilities > Ivanti > Landesk Management Suite
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-03 | CVE-2019-12377 | Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Landesk Management Suite 10.0.1.168 A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution. | 9.8 |
2019-06-03 | CVE-2019-12376 | Use of Hard-coded Credentials vulnerability in Ivanti Landesk Management Suite 10.0.1.168 Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges. | 4.5 |
2019-06-03 | CVE-2019-12375 | Files or Directories Accessible to External Parties vulnerability in Ivanti Landesk Management Suite 10.0.1.168 Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. | 6.3 |
2019-06-03 | CVE-2019-12374 | SQL Injection vulnerability in Ivanti Landesk Management Suite 10.0.1.168 A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll. | 8.1 |
2019-06-03 | CVE-2019-12373 | Incorrect Permission Assignment for Critical Resource vulnerability in Ivanti Landesk Management Suite 10.0.1.168 Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. | 9.0 |
2017-01-23 | CVE-2016-3147 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ivanti Landesk Management Suite 10.0.0.271/9.60.0.244 Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet. | 9.8 |