Skip to main content

Landesk Management Suite

9 CVEs product

Monthly

CVE-2019-12377 CRITICAL POC Act Now

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti File Upload RCE Landesk Management Suite
NVD
CVSS 3.0
9.8
EPSS
5.5%
CVE-2019-12376 MEDIUM POC This Month

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ivanti Landesk Management Suite
NVD
CVSS 3.0
4.5
EPSS
0.6%
CVE-2019-12375 MEDIUM This Month

Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Ivanti RCE Path Traversal Information Disclosure Landesk Management Suite
NVD
CVSS 3.0
6.3
EPSS
1.1%
CVE-2019-12374 HIGH POC This Week

A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Ivanti Landesk Management Suite
NVD
CVSS 3.0
8.1
EPSS
2.6%
CVE-2019-12373 CRITICAL Act Now

Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Information Disclosure Landesk Management Suite
NVD
CVSS 3.0
9.0
EPSS
1.0%
CVE-2014-5362 HIGH POC This Week

The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Landesk Management Suite
NVD
CVSS 3.0
7.2
EPSS
3.8%
CVE-2016-3147 CRITICAL Act Now

Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Landesk Management Suite
NVD VulDB
CVSS 3.1
9.8
EPSS
7.6%
CVE-2014-5361 MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk Management Suite 9.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Landesk Management Suite
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2014-5360 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Landesk Management Suite
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti File Upload RCE +1
NVD
EPSS 1% CVSS 4.5
MEDIUM POC This Month

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ivanti Landesk Management Suite
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Ivanti RCE Path Traversal +2
NVD
EPSS 3% CVSS 8.1
HIGH POC This Week

A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Ivanti Landesk Management Suite
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Information Disclosure Landesk Management Suite
NVD
EPSS 4% CVSS 7.2
HIGH POC This Week

The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Landesk Management Suite
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service +1
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk Management Suite 9.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Landesk Management Suite
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Landesk Management Suite
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy