
CVSS: 5.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 Apr 2025 — A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By appending %3F.php to the URI of the /client/index.php endpoint, an attacker can bypass access controls and gain unauthorized access to various endpoints such as /client/index.php%3F.php/gsb/firewall.php within the management web panel, potentially exposing sensitive device information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://forums.ivanti.com/s/article/Graphical-overview-of-the-LANDesk-Management-Gateway-Functionality • CWE-180: Incorrect Behavior Order: Validate Before Canonicalize

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Jun 2019 — Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. • https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-administrator-password-disclosure • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Jun 2019 — A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll. • https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Jun 2019 — Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. • https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-open-directories • CWE-552: Files or Directories Accessible to External Parties

CVSS: 4.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Jun 2019 — Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges. • https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-hard-coded-encryption-key • CWE-798: Use of Hard-coded Credentials

CVSS: 9.8 • EPSS: 8% • CPEs: 1 • EXPL: 1

03 Jun 2019 — A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution. • https://www.gnzlabs.io/gnzlabs-blog/landesk-management-server-arbitrary-file-upload • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 • EPSS: 6% • CPEs: 1 • EXPL: 0

23 Jan 2017 — Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet. • http://www.securityfocus.com/bid/93565 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer