Filtered by vendor Ivanti
Subscribe
Total
424 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-7571 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-17 | N/A | 7.8 HIGH |
| Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2024-11773 | 1 Ivanti | 1 Cloud Services Appliance | 2025-01-17 | N/A | 9.1 CRITICAL |
| SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | |||||
| CVE-2024-11772 | 1 Ivanti | 1 Cloud Services Appliance | 2025-01-17 | N/A | 9.1 CRITICAL |
| Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | |||||
| CVE-2024-11639 | 1 Ivanti | 1 Cloud Services Appliance | 2025-01-17 | N/A | 10.0 CRITICAL |
| An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access | |||||
| CVE-2024-9844 | 1 Ivanti | 1 Connect Secure | 2025-01-17 | N/A | 7.1 HIGH |
| Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions. | |||||
| CVE-2024-11633 | 1 Ivanti | 1 Connect Secure | 2025-01-17 | N/A | 9.1 CRITICAL |
| Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution | |||||
| CVE-2024-11634 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-01-17 | N/A | 9.1 CRITICAL |
| Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx) | |||||
| CVE-2024-13181 | 1 Ivanti | 1 Avalanche | 2025-01-16 | N/A | 7.3 HIGH |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. | |||||
| CVE-2024-13180 | 1 Ivanti | 1 Avalanche | 2025-01-16 | N/A | 7.5 HIGH |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011. | |||||
| CVE-2024-13179 | 1 Ivanti | 1 Avalanche | 2025-01-16 | N/A | 7.3 HIGH |
| Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | |||||
| CVE-2025-0283 | 1 Ivanti | 3 Connect Secure, Neurons For Zero-trust Access, Policy Secure | 2025-01-14 | N/A | 7.0 HIGH |
| A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges. | |||||
| CVE-2023-41718 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | N/A | 7.8 HIGH |
| When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. | |||||
| CVE-2023-38543 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | N/A | 7.8 HIGH |
| A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. | |||||
| CVE-2023-35080 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2025-01-07 | N/A | 7.8 HIGH |
| A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. | |||||
| CVE-2023-35082 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-12-26 | N/A | 9.8 CRITICAL |
| An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier. | |||||
| CVE-2023-35081 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-12-20 | N/A | 7.2 HIGH |
| A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. | |||||
| CVE-2023-38035 | 1 Ivanti | 1 Mobileiron Sentry | 2024-12-20 | N/A | 9.8 CRITICAL |
| A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | |||||
| CVE-2023-35078 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-12-20 | N/A | 9.8 CRITICAL |
| An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | |||||
| CVE-2024-50331 | 1 Ivanti | 1 Avalanche | 2024-12-18 | N/A | 7.5 HIGH |
| An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. | |||||
| CVE-2024-7612 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-12-18 | N/A | 8.8 HIGH |
| Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components. | |||||