Filtered by vendor Ivanti
Subscriptions
Total
345 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34785 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-34783 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-34779 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-32848 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-32846 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-32845 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-32843 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-32842 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-32840 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.2 High |
| An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | ||||
| CVE-2024-8322 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 4.3 Medium |
| Weak authentication in Patch Management of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker to access restricted functionality. | ||||
| CVE-2024-8441 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 6.7 Medium |
| An uncontrolled search path in the agent of Ivanti EPM before 2022 SU6, or the 2024 September update allows a local authenticated attacker with admin privileges to escalate their privileges to SYSTEM. | ||||
| CVE-2024-8321 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 5.8 Medium |
| Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to isolate managed devices from the network. | ||||
| CVE-2024-8320 | 1 Ivanti | 2 Automation, Endpoint Manager | 2024-09-12 | 5.3 Medium |
| Missing authentication in Network Isolation of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to spoof Network Isolation status of managed devices. | ||||
| CVE-2024-8191 | 1 Ivanti | 1 Endpoint Manager | 2024-09-12 | 7.8 High |
| SQL injection in the management console of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution. | ||||
| CVE-2024-7570 | 1 Ivanti | 1 Neurons For Itsm | 2024-09-06 | 8.3 High |
| Improper certificate validation in Ivanti ITSM on-prem and Neurons for ITSM Versions 2023.4 and earlier allows a remote attacker in a MITM position to craft a token that would allow access to ITSM as any user. | ||||
| CVE-2024-7569 | 1 Ivanti | 1 Neurons For Itsm | 2024-09-06 | 9.6 Critical |
| An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker to obtain the OIDC client secret via debug information. | ||||
| CVE-2024-36131 | 1 Ivanti | 1 Endpoint Manager Mobile | 2024-08-21 | 8.8 High |
| An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance. | ||||
| CVE-2024-37373 | 1 Ivanti | 1 Avalanche | 2024-08-16 | 7.2 High |
| Improper input validation in the Central Filestore in Ivanti Avalanche 6.3.1 allows a remote authenticated attacker with admin rights to achieve RCE. | ||||
| CVE-2024-38653 | 1 Ivanti | 1 Avalanche | 2024-08-15 | 7.5 High |
| XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server. | ||||
| CVE-2024-38652 | 1 Ivanti | 1 Avalanche | 2024-08-15 | 9.1 Critical |
| Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. | ||||