Skip to main content

Desktop Server Management

5 CVEs product

Monthly

CVE-2024-7572 HIGH This Week

Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Desktop Server Management
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-29821 HIGH This Week

Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Desktop Server Management
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2024-29213 HIGH This Week

Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Desktop Server Management
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2023-28129 HIGH This Week

DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Desktop Server Management
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-12441 CRITICAL Act Now

Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Desktop Server Management Service Manager Heat Remote Control
NVD
CVSS 3.1
9.8
EPSS
3.8%
EPSS 0% CVSS 7.1
HIGH This Week

Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Desktop Server Management
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Desktop Server Management
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Desktop Server Management
NVD
EPSS 0% CVSS 7.8
HIGH This Week

DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Desktop Server Management
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Desktop Server Management +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy