SQL Injection Vulnerability in Ivanti LANDESK Management Suite (LDMS) 10.0.1.168 Service Update 5

SQL Injection Vulnerability in Ivanti LANDESK Management Suite (LDMS) 10.0.1.168 Service Update 5

CVE-2019-12374 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.