CyberSec.Space Logo
Back to CVE Browser

CVE-2019-12373

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1930%
EPSS Percentile8.90th
PublishedJun 3, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords.

Affected Platforms (CPE)

πŸ“¦
Ivanti

Landesk Management Suite

= 10.0.1.168

References & Advisories

πŸ”— https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-administrator-password-disclosure/
πŸ”— https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-multiple-vulnerabilities/
πŸ”— https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-administrator-password-disclosure/
πŸ”— https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-multiple-vulnerabilities/

Related Vulnerabilities

CVE-2007-167410.0

Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in LANDesk Management Suite 8.7 allows remote attackers to execute...

CVE-2008-246810.0

Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Mana...

CVE-2019-123779.8

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Serv...

CVE-2016-31479.8

Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to ca...