Remote Information Disclosure and Code Execution in Ivanti LANDESK Management Suite
CVE-2019-12375

6.3MEDIUM

Key Information:

Vendor: Ivanti
Status: Landesk Management Suite
Vendor: CVE Published:; 3 June 2019

What is CVE-2019-12375?

The Ivanti LANDESK Management Suite's open directory configuration in version 10.0.1.168 Service Update 5 may expose sensitive information through remote access. This vulnerability could allow attackers to gain unauthorized access to system data and execute arbitrary code, putting network security at significant risk.

References

https://www.gnzlabs.io/gnzlabs-blog/landesk-management-se...

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2019
Vulnerability Reserved
May 27, 2019