CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-5362

The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.038

EPSS Ranking 87.6%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 6.5

References

http://packetstormsecurity.com/files/131496/Landesk-Management-Suite-9.5-RFI-CSRF.html
http://www.securityfocus.com/archive/1/535286/100/1100/threaded
http://www.securityfocus.com/bid/74190
http://www.securitytracker.com/id/1032203
http://packetstormsecurity.com/files/131496/Landesk-Management-Suite-9.5-RFI-CSRF.html
http://www.securityfocus.com/archive/1/535286/100/1100/threaded
http://www.securityfocus.com/bid/74190
http://www.securitytracker.com/id/1032203

Products affected by CVE-2014-5362

Landesk » Landesk Management Suite » Version: N/A

cpe:2.3:a:landesk:landesk_management_suite:-
Landesk » Landesk Management Suite » Version: 8.7

cpe:2.3:a:landesk:landesk_management_suite:8.7
Landesk » Landesk Management Suite » Version: 8.8

cpe:2.3:a:landesk:landesk_management_suite:8.8
Landesk » Landesk Management Suite » Version: 9.6

cpe:2.3:a:landesk:landesk_management_suite:9.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-5362

Products

Pricing

Contact Us