CVE-2014-5362 in LANDesk Management Suiteinfo

Summary

The admin interface in Landesk Management Suite 9.6 and earlier allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites via the d parameter to (1) ldms/sm_actionfrm.asp or (2) remote/frm_coremainfrm.aspx; or the (3) top parameter to remote/frm_splitfrm.aspx.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

08/19/2014

Disclosure

09/19/2017

Moderation

VulDB entry created

Entries

VDB-106825 (1)

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

5.9

EPSS

0.03788

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2014-5362
NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-5362
CVE Details	https://www.cvedetails.com/cve/CVE-2014-5362/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!