Ivanti Landesk Management Suite vulnerabilities
7 known vulnerabilities affecting ivanti/landesk_management_suite.
Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2019-12377P2CRITICALCVSS 9.8v10.0.1.1682019-06-03
CVE-2019-12377 [CRITICAL] CWE-434 CVE-2019-12377: A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka End
A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution.
nvd
CVE-2016-3147P3CRITICALCVSS 9.8≤ 10.0.0.2712017-01-23
CVE-2016-3147 [CRITICAL] CWE-119 CVE-2016-3147: Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier
Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet.
nvd
CVE-2019-12374P3HIGHCVSS 8.1v10.0.1.1682019-06-03
CVE-2019-12374 [HIGH] CWE-89 CVE-2019-12374: A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager)
A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll.
nvd
CVE-2019-12373P3CRITICALCVSS 9.0v10.0.1.1682019-06-03
CVE-2019-12373 [CRITICAL] CWE-732 CVE-2019-12373: Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint
Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords.
nvd
CVE-2025-43716P4MEDIUMCVSS 5.8≤ 4.2-1.92025-04-23
CVE-2025-43716 [MEDIUM] CWE-180 CVE-2025-43716: A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By
A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By appending %3F.php to the URI of the /client/index.php endpoint, an attacker can bypass access controls and gain unauthorized access to various endpoints such as /client/index.php%3F.php/gsb/firewall.php within the management web panel, potentially expo
nvd
CVE-2019-12375P4MEDIUMCVSS 6.3v10.0.1.1682019-06-03
CVE-2019-12375 [MEDIUM] CWE-552 CVE-2019-12375: Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service
Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution.
nvd
CVE-2019-12376P4MEDIUMCVSS 4.5v10.0.1.1682019-06-03
CVE-2019-12376 [MEDIUM] CWE-798 CVE-2019-12376: Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 1
Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges.
nvd