exploitDog

GHSA-fcvv-549h-h48p

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.1

Описание

A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll.

A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll.

Ссылки

EPSS

Процентиль: 70%

0.00657

Низкий

8.1 High

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2019-12374

CVSS3: 8.1

nvd

больше 6 лет назад

A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll.

EPSS

Процентиль: 70%

0.00657

Низкий

8.1 High

CVSS3

CVE ID

Дефекты

CWE-89