CVE-2014-5361: CSRF
First published: Tue Apr 21 2015(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk Management Suite 9.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) start, (2) stop, or (3) restart services via a request to remote/serverServices.aspx.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti LANDESK Management Suite | <=9.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-5361?
CVE-2014-5361 is classified as a medium severity vulnerability due to its potential to allow attackers to hijack sessions.
How do I fix CVE-2014-5361?
To fix CVE-2014-5361, update Landesk Management Suite to a version later than 9.6 that addresses these vulnerabilities.
What types of attacks can CVE-2014-5361 facilitate?
CVE-2014-5361 can facilitate cross-site request forgery (CSRF) attacks, allowing unauthorized actions to be performed on behalf of an administrator.
Who is affected by CVE-2014-5361?
CVE-2014-5361 affects users of Landesk Management Suite versions 9.6 and earlier.
What actions can be hijacked due to CVE-2014-5361?
CVE-2014-5361 allows attackers to potentially hijack the authentication for starting, stopping, or restarting services.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/softwarecombine
- vendor/landesk
- canonical/ivanti landesk management suite
- version/ivanti landesk management suite/9.6