Filtered by vendor Ivanti
Subscriptions
Total
345 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38343 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 7.5 High |
| An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery. | ||||
| CVE-2023-38043 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2024-11-21 | 7.8 High |
| A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. | ||||
| CVE-2023-38041 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2024-11-21 | 7.0 High |
| A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system. | ||||
| CVE-2023-35084 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 9.8 Critical |
| Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute commands remotely. | ||||
| CVE-2023-35083 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 6.5 Medium |
| Allows an authenticated attacker with network access to read arbitrary files on Endpoint Manager recently discovered on 2022 SU3 and all previous versions potentially leading to the leakage of sensitive information. | ||||
| CVE-2023-35077 | 2 Ivanti, Microsoft | 2 Endpoint Manager, Windows | 2024-11-21 | 7.5 High |
| An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above. | ||||
| CVE-2023-32567 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.8 Critical |
| Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236 | ||||
| CVE-2023-32566 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.1 Critical |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1. | ||||
| CVE-2023-32565 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.1 Critical |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1. | ||||
| CVE-2023-32564 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.8 Critical |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | ||||
| CVE-2023-32562 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 9.8 Critical |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1. | ||||
| CVE-2023-32561 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 7.5 High |
| A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1. | ||||
| CVE-2023-28324 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.2 High |
| A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. | ||||
| CVE-2023-28323 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 9.8 Critical |
| A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines. | ||||
| CVE-2023-28129 | 1 Ivanti | 1 Desktop \& Server Management | 2024-11-21 | 7.8 High |
| DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user. | ||||
| CVE-2022-44574 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 7.5 High |
| An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port. | ||||
| CVE-2022-44569 | 1 Ivanti | 1 Automation | 2024-11-21 | 7.8 High |
| A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. | ||||
| CVE-2022-43555 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 7.8 High |
| Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | ||||
| CVE-2022-43554 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 7.8 High |
| Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | ||||
| CVE-2022-35259 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 7.8 High |
| XML Injection with Endpoint Manager 2022. 3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges. | ||||