Core Security Technologies Advisory - A security vulnerability was discovered in LANDesk Management Suite: The Landesk web application does not sufficiently verify if a well-formed request was provided by the user who submitted the request. Using this information an external remote attacker can run arbitrary code using the 'gsbadmin' user (that is the user running the web-server). In order to be able to successfully make the attack, the administrator must be logged in to the appliance with the browser that the attacker uses to make the attack (for instance, exploiting a XSS in a different tab in the browser).
3dc2b0c9c31c4becfd753be92f87f46eef1496e094193a2f7775f7b49bd1734b