CVE-2020-13774 – An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2 …

12 November 2020

Vuln ID: CVE-2020-13774

Published: 2020-11-12 20:15:16Z

Description: An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient file extension validation and insecure file operations on the uploaded image, which upon failure will leave the temporarily created files in an accessible location on the server.

Source: NVD.NIST.GOV

Date:

12 November 2020

Categorie(s):

NVD

Tag(s):

NVD

Microsoft reminder: Support for Office 2016 and 2019 ends next year19 April 2024
Google consolidates AI teams into DeepMind to scale capacity19 April 2024
How ADR – application detection and response – can become the ‘EDR for apps’19 April 2024
Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals19 April 2024
Akira Ransomware Attacks Over 250 Organizations and Collects $42 Million19 April 2024