Sql injection

2019-06-0320:29:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.9%

JSON

A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll.

CPENameOperatorVersion
landesk_management_suiteeq10.0.1.168 serviceupdate5

CPE	Name	Operator	Version
	landesk_management_suite	eq	10.0.1.168 serviceupdate5

References

www.gnzlabs.io/gnzlabs-blog/landesk-management-server-multiple-vulnerabilities/

www.gnzlabs.io/gnzlabs-blog/landesk-management-server-sql-injection/