Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A directory traversal vulnerability exists in Ivanti LANDesk Management Gateway through 4.2-1.9. By appending %3F.php to the URI of the /client/index.php endpoint, an attacker can bypass access controls and gain unauthorized access to various endpoints such as /client/index.php%3F.php/gsb/firewall.php within the management web panel, potentially exposing sensitive device information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Vulnerability Type
不正确的行为次序:规范化之前验证
Vulnerability Title
Ivanti LANDesk Management Gateway 安全漏洞
Vulnerability Description
Ivanti LANDesk Management Gateway是美国Ivanti公司的一种用于桥接传入连接的设备。 Ivanti LANDesk Management Gateway 4.2-1.9及之前版本存在安全漏洞,该漏洞源于目录遍历漏洞,可能导致未经授权访问管理面板。
CVSS Information
N/A
Vulnerability Type
N/A