Filtered by vendor Ivanti
Subscribe
Search
Total
102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-21887 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-01-12 | N/A | 9.1 CRITICAL |
| A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. | |||||
| CVE-2023-46805 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2024-01-12 | N/A | 8.2 HIGH |
| An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. | |||||
| CVE-2023-39336 | 1 Ivanti | 1 Endpoint Manager | 2024-01-12 | N/A | 8.8 HIGH |
| An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server. | |||||
| CVE-2023-46262 | 1 Ivanti | 1 Avalanche | 2023-12-28 | N/A | 7.5 HIGH |
| An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. | |||||
| CVE-2023-46266 | 1 Ivanti | 1 Avalanche | 2023-12-28 | N/A | 9.1 CRITICAL |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | |||||
| CVE-2021-22962 | 1 Ivanti | 1 Avalanche | 2023-12-28 | N/A | 9.1 CRITICAL |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. | |||||
| CVE-2023-46265 | 1 Ivanti | 1 Avalanche | 2023-12-22 | N/A | 9.8 CRITICAL |
| An unauthenticated could abuse a XXE vulnerability in the Smart Device Server to leak data or perform a Server-Side Request Forgery (SSRF). | |||||
| CVE-2023-46263 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. | |||||
| CVE-2023-46264 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | |||||
| CVE-2023-46804 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 7.5 HIGH |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | |||||
| CVE-2023-46803 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 7.5 HIGH |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). | |||||
| CVE-2023-46259 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-41727 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46261 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46260 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46258 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46221 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46222 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46224 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46223 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46257 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46225 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46216 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46217 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-46220 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2023-12-21 | N/A | 9.8 CRITICAL |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS) or code execution. | |||||
| CVE-2023-39340 | 1 Ivanti | 1 Connect Secure | 2023-12-20 | N/A | 7.5 HIGH |
| A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. | |||||
| CVE-2023-41720 | 1 Ivanti | 1 Connect Secure | 2023-12-19 | N/A | 7.8 HIGH |
| A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system. | |||||
| CVE-2023-41719 | 1 Ivanti | 1 Connect Secure | 2023-12-19 | N/A | 7.2 HIGH |
| A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution. | |||||
| CVE-2023-35078 | 1 Ivanti | 1 Endpoint Manager Mobile | 2023-11-28 | N/A | 9.8 CRITICAL |
| An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. | |||||
| CVE-2023-38543 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2023-11-23 | N/A | 7.8 HIGH |
| A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine. | |||||
| CVE-2023-38043 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2023-11-23 | N/A | 7.8 HIGH |
| A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to a denial of service (DoS) condition on the user machine and, in some cases, resulting in a full compromise of the system. | |||||
| CVE-2023-35080 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2023-11-22 | N/A | 7.8 HIGH |
| A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. | |||||
| CVE-2023-38544 | 2 Ivanti, Linux | 2 Secure Access Client, Linux Kernel | 2023-11-22 | N/A | 5.5 MEDIUM |
| A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system. | |||||
| CVE-2023-41718 | 2 Ivanti, Microsoft | 2 Secure Access Client, Windows | 2023-11-22 | N/A | 7.8 HIGH |
| When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. | |||||
| CVE-2023-39337 | 1 Ivanti | 1 Endpoint Manager Mobile | 2023-11-22 | N/A | 9.1 CRITICAL |
| A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious security risk, potentially exposing confidential data and system integrity. | |||||
| CVE-2023-39335 | 1 Ivanti | 1 Endpoint Manager Mobile | 2023-11-22 | N/A | 9.8 CRITICAL |
| A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources. | |||||
| CVE-2022-43555 | 1 Ivanti | 1 Avalanche | 2023-11-09 | N/A | 7.8 HIGH |
| Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | |||||
| CVE-2022-44569 | 1 Ivanti | 1 Automation | 2023-11-09 | N/A | 7.8 HIGH |
| A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. | |||||
| CVE-2022-43554 | 1 Ivanti | 1 Avalanche | 2023-11-09 | N/A | 7.8 HIGH |
| Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | |||||
| CVE-2023-41725 | 1 Ivanti | 1 Avalanche | 2023-11-09 | N/A | 7.8 HIGH |
| Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability | |||||
| CVE-2023-41726 | 1 Ivanti | 1 Avalanche | 2023-11-09 | N/A | 7.8 HIGH |
| Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability | |||||
| CVE-2023-38035 | 1 Ivanti | 1 Mobileiron Sentry | 2023-08-24 | N/A | 9.8 CRITICAL |
| A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | |||||
| CVE-2023-35082 | 1 Ivanti | 1 Endpoint Manager Mobile | 2023-08-22 | N/A | 9.8 CRITICAL |
| An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier. | |||||
| CVE-2023-32560 | 1 Ivanti | 1 Avalanche | 2023-08-16 | N/A | 9.8 CRITICAL |
| An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1. | |||||
| CVE-2023-32561 | 1 Ivanti | 1 Avalanche | 2023-08-16 | N/A | 7.5 HIGH |
| A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1. | |||||
| CVE-2023-28129 | 1 Ivanti | 1 Desktop \& Server Management | 2023-08-15 | N/A | 7.8 HIGH |
| Desktop & Server Management (DSM) may have a possible execution of arbitrary commands. | |||||
| CVE-2023-32567 | 1 Ivanti | 1 Avalanche | 2023-08-15 | N/A | 9.8 CRITICAL |
| Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1. | |||||
| CVE-2023-32566 | 1 Ivanti | 1 Avalanche | 2023-08-15 | N/A | 9.1 CRITICAL |
| An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1. | |||||
| CVE-2023-32563 | 1 Ivanti | 1 Avalanche | 2023-08-15 | N/A | 9.8 CRITICAL |
| An unauthenticated attacker could achieve the code execution through a RemoteControl server. | |||||
| CVE-2023-32564 | 1 Ivanti | 1 Avalanche | 2023-08-15 | N/A | 9.8 CRITICAL |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. | |||||