Skip to main content

Ivanti

386 CVEs vendor

Monthly

CVE-2024-13169 HIGH This Month

An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-13168 HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti Denial Of Service Endpoint Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-13167 HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti Denial Of Service Endpoint Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-13166 HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti Denial Of Service Endpoint Manager
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2024-13165 HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti Denial Of Service Endpoint Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-13164 HIGH This Month

An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-13163 HIGH This Month

Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 26.5% and no vendor patch available.

RCE Deserialization Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
26.5%
CVE-2024-13162 HIGH This Month

SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 43.8% and no vendor patch available.

RCE Ivanti SQLi Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
43.8%
CVE-2024-13161 CRITICAL POC KEV THREAT Emergency

Ivanti Endpoint Manager contains a third absolute path traversal vulnerability for unauthenticated information disclosure, completing the triple path traversal set in the January 2025 security update.

Ivanti Path Traversal Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
92.5%
Threat
7.7
CVE-2024-13160 CRITICAL POC KEV THREAT Emergency

Ivanti Endpoint Manager contains a second absolute path traversal vulnerability for unauthenticated information disclosure, part of the triple path traversal affecting EPM's January 2025 security update.

Ivanti Path Traversal Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
93.5%
Threat
7.8
CVE-2024-13159 CRITICAL POC KEV THREAT Emergency

Ivanti Endpoint Manager contains an absolute path traversal vulnerability allowing unauthenticated remote attackers to leak sensitive information from the EPM server, one of three related Ivanti EPM path traversal CVEs.

Ivanti Path Traversal Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
94.2%
Threat
7.8
CVE-2024-13158 HIGH PATCH This Month

An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.5%.

RCE Ivanti Path Traversal Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
21.5%
CVE-2024-13181 HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2024-13180 HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
CVSS 3.1
7.5
EPSS
3.0%
CVE-2024-13179 HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2024-10811 CRITICAL POC Act Now

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Path Traversal Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2024-10630 HIGH This Month

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Application Control Security Controls
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-0283 HIGH CERT-EU This Month

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a. Rated high severity (CVSS 7.0). Epss exploitation probability 45.1% and no vendor patch available.

Stack Overflow Buffer Overflow Ivanti Connect Secure Neurons For Zero Trust Access +1
NVD
CVSS 3.1
7.0
EPSS
45.1%
CVE-2025-0282 CRITICAL POC KEV THREAT CERT-EU Emergency

Ivanti Connect Secure, Policy Secure, and Neurons for ZTA contain a stack-based buffer overflow allowing unauthenticated remote code execution, the second major Ivanti VPN zero-day in twelve months.

RCE Stack Overflow Buffer Overflow Ivanti Connect Secure +2
NVD GitHub Exploit-DB
CVSS 3.1
9.0
EPSS
94.1%
Threat
7.6
CVE-2024-37401 HIGH This Week

An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Denial Of Service Connect Secure +1
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2024-37377 HIGH This Week

A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Denial Of Service Memory Corruption Connect Secure +1
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2024-9845 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Automation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8496 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-11598 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Application Control
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-11597 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Performance Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-10251 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Security Controls
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-9844 HIGH This Week

Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Connect Secure
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-8540 MEDIUM This Month

Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Standalone Sentry
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-7572 HIGH This Week

Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Desktop Server Management
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-11773 HIGH This Week

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ivanti Cloud Services Appliance
NVD
CVSS 3.1
7.2
EPSS
23.6%
CVE-2024-11772 HIGH This Week

Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti Cloud Services Appliance
NVD
CVSS 3.1
7.2
EPSS
7.7%
CVE-2024-11639 CRITICAL Act Now

An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Cloud Services Appliance
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2024-11634 HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.2
EPSS
1.8%
CVE-2024-11633 HIGH This Week

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-10256 HIGH This Week

Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Endpoint Manager Neurons Agent Platform Neurons For Patch Management +3
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-39712 CRITICAL Act Now

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure Policy Secure
NVD
CVSS 3.0
9.1
EPSS
1.7%
CVE-2024-39711 CRITICAL Act Now

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure Policy Secure
NVD
CVSS 3.0
9.1
EPSS
1.7%
CVE-2024-39710 CRITICAL Act Now

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure Policy Secure
NVD
CVSS 3.0
9.1
EPSS
1.9%
CVE-2024-39709 HIGH This Week

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-38656 CRITICAL Act Now

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
9.1
EPSS
1.7%
CVE-2024-38655 HIGH This Week

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-38654 MEDIUM This Month

Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Denial Of Service Secure Access Client
NVD
CVSS 3.0
4.4
EPSS
0.3%
CVE-2024-38649 HIGH This Week

An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Denial Of Service Connect Secure
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2024-37400 HIGH This Week

An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Denial Of Service Connect Secure
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2024-37398 HIGH This Week

Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-37376 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2024-34787 HIGH This Week

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
17.9%
CVE-2024-34784 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-34782 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-34781 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
67.7%
CVE-2024-34780 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-32847 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2024-32844 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-32841 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2024-32839 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2024-29211 MEDIUM This Month

A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Ivanti Secure Access Client
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-9843 MEDIUM This Month

A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Denial Of Service Secure Access Client
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-9842 LOW Monitor

Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Secure Access Client
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2024-8539 HIGH This Week

Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Secure Access Client
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-7571 HIGH This Week

Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-11006 HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-11005 HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-11004 MEDIUM This Month

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2024-9420 HIGH This Week

A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free RCE Ivanti Memory Corruption Connect Secure +1
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2024-8495 HIGH This Week

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Connect Secure Policy Secure
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2024-50331 HIGH This Week

An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-50330 CRITICAL Act Now

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
40.5%
CVE-2024-50329 HIGH This Week

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Ivanti Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2024-50328 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-50327 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2024-50326 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
25.8%
CVE-2024-50324 HIGH This Week

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Ivanti Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
18.2%
CVE-2024-50323 HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-50322 HIGH This Week

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Ivanti Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
6.0%
CVE-2024-50321 HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-50320 HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
31.2%
CVE-2024-50319 HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-50318 HIGH This Week

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-50317 HIGH This Week

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2024-47909 MEDIUM This Month

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Ivanti Denial Of Service Connect Secure +1
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2024-47907 HIGH This Week

A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Ivanti Denial Of Service Connect Secure
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2024-47906 HIGH This Week

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-47905 MEDIUM This Month

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Ivanti Denial Of Service Connect Secure +1
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2024-11007 HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2024-37404 HIGH POC PATCH THREAT Act Now

Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Ivanti Connect Secure Policy Secure
NVD
CVSS 3.1
8.8
EPSS
67.3%
CVE-2024-29821 HIGH This Week

Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Desktop Server Management
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2024-29213 HIGH This Week

Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Desktop Server Management
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2024-9381 HIGH This Week

Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Endpoint Manager Cloud Services Appliance
NVD
CVSS 3.1
7.2
EPSS
15.7%
CVE-2024-9380 HIGH KEV EUVD KEV THREAT This Week

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti Endpoint Manager Cloud Services Appliance
NVD
CVSS 3.1
7.2
EPSS
63.0%
CVE-2024-9379 HIGH KEV THREAT This Week

SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ivanti Endpoint Manager Cloud Services Appliance
NVD
CVSS 3.1
7.2
EPSS
43.6%
EPSS 0% CVSS 7.8
HIGH This Month

An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti +1
NVD
EPSS 2% CVSS 7.5
HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti +2
NVD
EPSS 2% CVSS 7.5
HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti +2
NVD
EPSS 2% CVSS 7.5
HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti +2
NVD
EPSS 2% CVSS 7.5
HIGH This Month

An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Endpoint Manager
NVD
EPSS 26% CVSS 7.8
HIGH This Month

Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 26.5% and no vendor patch available.

RCE Deserialization Ivanti +1
NVD
EPSS 44% CVSS 7.2
HIGH This Month

SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 43.8% and no vendor patch available.

RCE Ivanti SQLi +1
NVD
EPSS 93% 7.7 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Ivanti Endpoint Manager contains a third absolute path traversal vulnerability for unauthenticated information disclosure, completing the triple path traversal set in the January 2025 security update.

Ivanti Path Traversal Endpoint Manager
NVD
EPSS 93% 7.8 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Ivanti Endpoint Manager contains a second absolute path traversal vulnerability for unauthenticated information disclosure, part of the triple path traversal affecting EPM's January 2025 security update.

Ivanti Path Traversal Endpoint Manager
NVD
EPSS 94% 7.8 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Ivanti Endpoint Manager contains an absolute path traversal vulnerability allowing unauthenticated remote attackers to leak sensitive information from the EPM server, one of three related Ivanti EPM path traversal CVEs.

Ivanti Path Traversal Endpoint Manager
NVD
EPSS 21% CVSS 7.2
HIGH PATCH This Month

An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.5%.

RCE Ivanti Path Traversal +1
NVD
EPSS 1% CVSS 7.3
HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
EPSS 3% CVSS 7.5
HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
EPSS 1% CVSS 7.3
HIGH This Month

Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Path Traversal Avalanche
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Path Traversal Endpoint Manager
NVD
EPSS 0% CVSS 7.8
HIGH This Month

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Application Control +1
NVD
EPSS 45% CVSS 7.0
HIGH This Month

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a. Rated high severity (CVSS 7.0). Epss exploitation probability 45.1% and no vendor patch available.

Stack Overflow Buffer Overflow Ivanti +3
NVD
EPSS 94% 7.6 CVSS 9.0
CRITICAL POC KEV THREAT Emergency

Ivanti Connect Secure, Policy Secure, and Neurons for ZTA contain a stack-based buffer overflow allowing unauthenticated remote code execution, the second major Ivanti VPN zero-day in twelve months.

RCE Stack Overflow Buffer Overflow +4
NVD GitHub Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Denial Of Service +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Automation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Application Control
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Performance Manager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Security Controls
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Connect Secure
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Standalone Sentry
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Desktop Server Management
NVD
EPSS 24% CVSS 7.2
HIGH This Week

SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ivanti Cloud Services Appliance
NVD
EPSS 8% CVSS 7.2
HIGH This Week

Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti +1
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Cloud Services Appliance
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti +2
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Endpoint Manager +5
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure +1
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure +1
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Connect Secure +1
NVD
EPSS 2% CVSS 9.1
CRITICAL Act Now

Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.1 and 9.1R18.9 allows a remote authenticated attacker with admin. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9.1Rx) allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

An out of bounds read in Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to trigger an infinite loop, causing a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Secure Access Client
NVD
EPSS 3% CVSS 7.2
HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti +1
NVD
EPSS 18% CVSS 7.8
HIGH This Week

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Ivanti +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti +1
NVD
EPSS 68% CVSS 7.2
HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti +1
NVD
EPSS 3% CVSS 7.2
HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti +1
NVD
EPSS 3% CVSS 7.2
HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti +1
NVD
EPSS 3% CVSS 7.2
HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti +1
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Information Disclosure Ivanti +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Denial Of Service +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Secure Access Client
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Secure Access Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Secure Access Client
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti +2
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti +2
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ivanti Connect Secure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free RCE Ivanti +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ivanti +1
NVD
EPSS 41% CVSS 9.8
CRITICAL Act Now

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Ivanti +1
NVD
EPSS 2% CVSS 7.2
HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti +1
NVD
EPSS 26% CVSS 7.2
HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi RCE Ivanti +1
NVD
EPSS 18% CVSS 7.2
HIGH This Week

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Ivanti +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Ivanti +1
NVD
EPSS 6% CVSS 7.8
HIGH This Week

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Ivanti +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
EPSS 31% CVSS 7.5
HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Denial Of Service Avalanche
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Ivanti Denial Of Service +1
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Ivanti +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Ivanti +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Connect Secure +1
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Ivanti +3
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti +2
NVD
EPSS 67% CVSS 8.8
HIGH POC PATCH THREAT Act Now

Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Ivanti Connect Secure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Desktop Server Management
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Ivanti DSM < version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Desktop Server Management
NVD
EPSS 16% CVSS 7.2
HIGH This Week

Path traversal in Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to bypass restrictions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Endpoint Manager Cloud Services Appliance
NVD
EPSS 63% CVSS 7.2
HIGH KEV EUVD KEV THREAT This Week

An OS command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to obtain remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti +1
NVD
EPSS 44% CVSS 7.2
HIGH KEV THREAT This Week

SQL injection in the admin web console of Ivanti CSA before version 5.0.2 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ivanti Endpoint Manager Cloud Services Appliance
NVD
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy