Filtered by vendor Ivanti
Subscriptions
Total
345 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29213 | 1 Ivanti | 1 Desktop \& Server Management | 2024-10-21 | N/A |
| Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. | ||||
| CVE-2024-37404 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-10-21 | N/A |
| Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution. | ||||
| CVE-2024-9381 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-10-16 | 7.2 High |
| Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. | ||||
| CVE-2024-47011 | 1 Ivanti | 1 Avalanche | 2024-10-16 | 7.5 High |
| Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information | ||||
| CVE-2024-47010 | 1 Ivanti | 1 Avalanche | 2024-10-16 | 7.3 High |
| Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | ||||
| CVE-2024-47009 | 1 Ivanti | 1 Avalanche | 2024-10-16 | 7.3 High |
| Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to bypass authentication. | ||||
| CVE-2024-47008 | 1 Ivanti | 1 Avalanche | 2024-10-16 | 7.5 High |
| Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information. | ||||
| CVE-2024-47007 | 1 Ivanti | 1 Avalanche | 2024-10-16 | 7.5 High |
| A NULL pointer dereference in WLAvalancheService.exe of Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to cause a denial of service. | ||||
| CVE-2024-9379 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-10-10 | 6.5 Medium |
| SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | ||||
| CVE-2024-9380 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-10-10 | 7.2 High |
| An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. | ||||
| CVE-2024-7593 | 1 Ivanti | 2 Virtual Traffic Management, Virtual Traffic Manager | 2024-09-25 | 9.8 Critical |
| Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | ||||
| CVE-2024-8963 | 1 Ivanti | 1 Endpoint Manager Cloud Services Appliance | 2024-09-21 | 9.4 Critical |
| Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | ||||
| CVE-2024-8012 | 1 Ivanti | 1 Workspace Control | 2024-09-18 | 7.8 High |
| An authentication bypass weakness in the message broker service of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-44107 | 1 Ivanti | 1 Workspace Control | 2024-09-18 | 8.8 High |
| DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges and achieve arbitrary code execution. | ||||
| CVE-2024-44106 | 1 Ivanti | 2 Automation, Workspace Control | 2024-09-18 | 8.8 High |
| Insufficient server-side controls in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-44105 | 1 Ivanti | 2 Automation, Workspace Control | 2024-09-18 | 8.2 High |
| Cleartext transmission of sensitive information in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to obtain OS credentials. | ||||
| CVE-2024-44104 | 1 Ivanti | 2 Automation, Workspace Control | 2024-09-18 | 8.8 High |
| An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-44103 | 1 Ivanti | 2 Automation, Workspace Control | 2024-09-18 | 8.8 High |
| DLL hijacking in the management console of Ivanti Workspace Control version 10.18.0.0 and below allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2024-29847 | 1 Ivanti | 1 Endpoint Manager | 2024-09-17 | 9.8 Critical |
| Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | ||||
| CVE-2024-37397 | 1 Ivanti | 1 Endpoint Manager | 2024-09-13 | 8.2 High |
| An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets. | ||||