CVE-2014-5362

Name of the Vulnerable Software and Affected Versions: Landesk Management Suite versions 9.6 and earlier

Description: The issue allows remote attackers to conduct remote file inclusion attacks involving ASPX pages from third-party sites. This can be achieved via the d parameter to API endpoints such as "ldms/sm actionfrm.asp" or "remote/frm coremainfrm.aspx", or the top parameter to "remote/frm splitfrm.aspx".

Recommendations: For Landesk Management Suite versions 9.6 and earlier, consider restricting access to the admin interface and limiting the use of the d and top parameters in the affected API endpoints until a fix is available. As a temporary workaround, disabling the remote file inclusion functionality may help minimize the risk of exploitation.