CVE-2019-12374

CVSS 8.1 - HIGH
Description

A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll.

Affected Products
1
Vendor Product Version
ivanti landesk_management_suite 10.0.1.168
References
https://www.gnzlabs.io/gnzlabs-blog/landesk-manage...
https://www.gnzlabs.io/gnzlabs-blog/landesk-manage...
https://www.gnzlabs.io/gnzlabs-blog/landesk-manage...
https://www.gnzlabs.io/gnzlabs-blog/landesk-manage...
Weakness Types
CWE-89
CVE Information
CVE ID:
CVE-2019-12374
Published:
2019-06-03
Modified:
2024-11-21
CVSS Score:
8.1
Severity:
HIGH
Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Vendors
ivanti
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL