Vulnerabilities > Landesk > Landesk Management Suite > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-19 | CVE-2014-5362 | Improper Input Validation vulnerability in Landesk Management Suite 8.7/8.8/9.6 The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx. | 6.5 |
2015-04-21 | CVE-2014-5361 | Cross-Site Request Forgery (CSRF) vulnerability in Landesk Management Suite 8.7/8.8/9.6 Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk Management Suite 9.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) start, (2) stop, or (3) restart services via a request to remote/serverServices.aspx. | 6.8 |
2015-02-03 | CVE-2014-5360 | Cross-site Scripting vulnerability in Landesk Management Suite 8.7/8.8/9.6 Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlist_grouptree.aspx. | 4.3 |