SQL Injection Vulnerability in Ivanti LANDESK Management Suite
CVE-2019-12374
8.1HIGH
What is CVE-2019-12374?
A SQL Injection vulnerability is present in Ivanti LANDESK Management Suite, specifically in the Basic Authentication mechanism. This flaw stems from inadequate sanitization of usernames within the core/provisioning.secure/ProvisioningSecure.asmx component of Provisioning.Secure.dll. An attacker could exploit this weakness to execute arbitrary SQL commands through crafted input, potentially compromising sensitive data and the integrity of the management system.