Skip to main content

Ivanti

386 CVEs vendor

Monthly

CVE-2023-46262 HIGH This Week

An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
82.8%
CVE-2023-39340 HIGH This Week

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ivanti Connect Secure
NVD
CVSS 3.1
7.5
EPSS
2.4%
CVE-2023-41720 HIGH This Week

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Connect Secure
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-41719 HIGH This Week

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure
NVD
CVSS 3.1
7.2
EPSS
3.4%
CVE-2023-38543 HIGH This Week

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Denial Of Service Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-38043 HIGH This Week

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Denial Of Service Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-35080 HIGH This Week

A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Ivanti Privilege Escalation Microsoft Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-41726 HIGH This Week

Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Avalanche
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-41725 HIGH This Week

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation File Upload Ivanti Avalanche
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-35084 CRITICAL Act Now

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Deserialization Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-38344 MEDIUM This Month

An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Endpoint Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-38343 HIGH This Week

An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti SSRF XXE Endpoint Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-38035 CRITICAL POC KEV THREAT Emergency

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Ivanti Authentication Bypass Mobileiron Sentry
NVD
CVSS 3.1
9.8
EPSS
99.9%
CVE-2023-35082 CRITICAL POC KEV THREAT Act Now

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Authentication Bypass Endpoint Manager Mobile
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-32567 CRITICAL Act Now

Ivanti Avalanche decodeToMap XML External Entity Processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti XXE Avalanche
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-35081 HIGH POC KEV THREAT This Week

A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Endpoint Manager Mobile
NVD
CVSS 3.1
7.2
EPSS
63.3%
CVE-2023-35078 CRITICAL POC KEV THREAT Act Now

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Authentication Bypass Endpoint Manager Mobile
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-35077 HIGH This Week

An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti Microsoft Endpoint Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-28324 CRITICAL POC THREAT Emergency

A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
12.9%
CVE-2022-35258 HIGH This Week

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Connect Secure Neurons For Zero Trust Access Policy Secure
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-35254 HIGH This Week

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Use After Free Memory Corruption Connect Secure +2
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-27773 CRITICAL Act Now

A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Privilege Escalation Endpoint Manager
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2022-21826 MEDIUM This Month

Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Request Smuggling XSS Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
5.4
EPSS
45.2%
CVE-2022-27088 HIGH This Week

Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Information Disclosure Dsm Remote
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-44529 CRITICAL POC KEV PATCH THREAT Act Now

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Ivanti Endpoint Manager Cloud Services Appliance
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
99.1%
CVE-2021-42133 HIGH This Week

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ivanti Avalanche
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2021-42132 HIGH This Week

A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
70.1%
CVE-2021-42131 HIGH This Week

A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Privilege Escalation Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
66.5%
CVE-2021-42130 HIGH This Week

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
62.2%
CVE-2021-42129 HIGH This Week

A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
77.3%
CVE-2021-42128 CRITICAL Act Now

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Avalanche
NVD
CVSS 3.1
9.8
EPSS
4.5%
CVE-2021-42127 CRITICAL Act Now

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Ivanti Avalanche
NVD
CVSS 3.1
9.8
EPSS
65.8%
CVE-2021-42126 HIGH This Week

An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Authentication Bypass Avalanche
NVD
CVSS 3.1
8.8
EPSS
3.9%
CVE-2021-42125 HIGH This Week

An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization File Upload Ivanti Avalanche
NVD
CVSS 3.1
8.8
EPSS
81.6%
CVE-2021-42124 HIGH This Week

An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Authentication Bypass Avalanche
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-36235 HIGH This Week

An issue was discovered in Ivanti Workspace Control before 10.6.30.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Workspace Control
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2021-3540 HIGH POC This Week

By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ivanti Mobileiron
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2021-3198 HIGH POC This Week

By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ivanti Mobileiron
NVD
CVSS 3.1
7.2
EPSS
3.3%
CVE-2021-31922 HIGH POC This Week

An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Ivanti Virtual Traffic Manager
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-22893 CRITICAL KEV THREAT Act Now

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Ivanti Authentication Bypass Connect Secure
NVD
CVSS 3.1
10.0
EPSS
47.2%
CVE-2021-22887 LOW PATCH Monitor

A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.

Information Disclosure Ivanti Psa 5000 Firmware Psa 7000 Firmware X10Slh F Firmware +7
NVD
CVSS 3.1
2.3
EPSS
0.2%
CVE-2020-13773 MEDIUM POC This Month

Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ivanti Endpoint Manager
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-13772 MEDIUM POC This Month

In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Information Disclosure Endpoint Manager
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2020-13769 HIGH POC This Week

LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti SQLi Endpoint Manager
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-13774 CRITICAL Act Now

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Ivanti Endpoint Manager
NVD
CVSS 3.1
9.9
EPSS
4.7%
CVE-2020-13771 HIGH This Week

Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ivanti Microsoft Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2020-13770 HIGH This Week

Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Privilege Escalation Endpoint Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-8254 HIGH This Week

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ivanti Microsoft Pulse Secure Desktop Client
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-8250 HIGH This Week

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Pulse Secure Desktop Client
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-8249 HIGH This Week

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Pulse Secure Desktop Client
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-8248 HIGH This Week

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Pulse Secure Desktop Client
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-8241 HIGH This Week

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Ivanti Information Disclosure Pulse Secure Desktop Client
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-8240 HIGH This Week

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Microsoft Information Disclosure Pulse Secure Desktop Client
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-8239 CRITICAL Act Now

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Microsoft Pulse Secure Desktop Client
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2020-8956 LOW POC Monitor

Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ivanti Microsoft Brute Force Pulse Secure Desktop
NVD GitHub
CVSS 3.1
3.3
EPSS
1.2%
CVE-2020-13793 CRITICAL Act Now

Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Authentication Bypass Dsm Netinst
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-12441 CRITICAL Act Now

Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Desktop Server Management Service Manager Heat Remote Control
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-15408 MEDIUM This Month

An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Pulse Connect Secure Pulse Secure Desktop Client
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2020-13162 HIGH POC This Week

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Ivanti Microsoft Information Disclosure Pulse Secure Desktop Client Pulse Secure Installer Service
NVD
CVSS 3.1
7.0
EPSS
0.8%
CVE-2020-12442 CRITICAL Act Now

Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Ivanti SQLi Avalanche
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2020-11582 HIGH POC This Week

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Ivanti Information Disclosure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2020-11581 HIGH POC This Week

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Ivanti Command Injection Apple Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
8.1
EPSS
9.8%
CVE-2020-11580 CRITICAL POC Act Now

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ivanti Apple Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2020-11533 MEDIUM This Month

Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Information Disclosure Workspace Control
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2019-19675 HIGH This Week

In Ivanti Workspace Control before 10.3.180.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2019-10651 CRITICAL PATCH Act Now

An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ivanti RCE Endpoint Manager
NVD
CVSS 3.0
9.8
EPSS
4.3%
CVE-2019-12377 CRITICAL POC Act Now

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti File Upload RCE Landesk Management Suite
NVD
CVSS 3.0
9.8
EPSS
5.5%
CVE-2019-12376 MEDIUM POC This Month

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ivanti Landesk Management Suite
NVD
CVSS 3.0
4.5
EPSS
0.6%
CVE-2019-12375 MEDIUM This Month

Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Ivanti RCE Path Traversal Information Disclosure Landesk Management Suite
NVD
CVSS 3.0
6.3
EPSS
1.1%
CVE-2019-12374 HIGH POC This Week

A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Ivanti Landesk Management Suite
NVD
CVSS 3.0
8.1
EPSS
2.6%
CVE-2019-12373 CRITICAL Act Now

Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Information Disclosure Landesk Management Suite
NVD
CVSS 3.0
9.0
EPSS
1.0%
CVE-2019-11509 HIGH This Week

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti RCE Connect Secure Policy Secure Pulse Policy Secure
NVD
CVSS 3.1
8.8
EPSS
7.8%
CVE-2019-11508 HIGH POC PATCH THREAT This Week

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Ivanti Path Traversal RCE Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.2
EPSS
15.0%
CVE-2019-11507 MEDIUM POC PATCH This Month

In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Ivanti Connect Secure
NVD
CVSS 3.1
6.1
EPSS
4.1%
CVE-2019-11543 MEDIUM This Month

XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ivanti Connect Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
6.1
EPSS
3.1%
CVE-2019-11542 HIGH POC THREAT This Week

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Buffer Overflow Memory Corruption Connect Secure Pulse Connect Secure +1
NVD
CVSS 3.1
7.2
EPSS
66.1%
CVE-2019-11541 HIGH This Week

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Connect Secure Pulse Connect Secure
NVD
CVSS 3.1
7.5
EPSS
4.0%
CVE-2019-11540 CRITICAL POC Act Now

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Information Disclosure Connect Secure Pulse Connect Secure Pulse Policy Secure
NVD
CVSS 3.1
9.8
EPSS
8.3%
CVE-2019-11539 HIGH POC KEV THREAT Act Now

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Command Injection Connect Secure Policy Secure Pulse Policy Secure
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
98.6%
CVE-2019-11538 HIGH POC This Week

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Information Disclosure Connect Secure
NVD
CVSS 3.1
7.7
EPSS
7.4%
CVE-2019-11213 HIGH This Week

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Ivanti Session Fixation Connect Secure Pulse Connect Secure +1
NVD
CVSS 3.0
8.1
EPSS
2.8%
CVE-2019-10885 HIGH This Week

An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-20193 HIGH POC This Week

Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ivanti Juniper Secure Access Series Ssl Vpn Sa 4000
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-20307 MEDIUM This Month

Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Virtual Traffic Manager
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2018-20306 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Ivanti Virtual Traffic Manager
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-11002 MEDIUM POC This Month

Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Ivanti Pulse Secure Desktop Client
NVD
CVSS 3.0
5.5
EPSS
0.9%
CVE-2018-15593 HIGH This Week

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Workspace Control
NVD
CVSS 3.0
7.8
EPSS
1.0%
CVE-2018-15592 HIGH POC This Week

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
CVSS 3.0
7.8
EPSS
0.6%
CVE-2018-15591 HIGH POC This Week

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ivanti RCE Information Disclosure Workspace Control
NVD
CVSS 3.0
7.8
EPSS
1.3%
CVE-2018-15590 MEDIUM This Month

An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Workspace Control
NVD
CVSS 3.0
5.5
EPSS
1.0%
EPSS 83% CVSS 7.5
HIGH This Week

An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Ivanti Avalanche
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker can send a specific request which may lead to Denial of Service (DoS) of the appliance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ivanti Connect Secure
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Connect Secure
NVD
EPSS 3% CVSS 7.2
HIGH This Week

A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Ivanti Connect Secure
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Denial Of Service Secure Access Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Denial Of Service Secure Access Client
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Ivanti Privilege Escalation +3
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Avalanche
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation File Upload Ivanti +1
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Unsafe Deserialization of User Input could lead to Execution of Unauthorized Operations in Ivanti Endpoint Manager 2022 su3 and all previous versions, which could allow an attacker to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Deserialization Endpoint Manager
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Endpoint Manager
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti SSRF XXE +1
NVD GitHub
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Emergency

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Ivanti Authentication Bypass +1
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Authentication Bypass Endpoint Manager Mobile
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Ivanti Avalanche decodeToMap XML External Entity Processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti XXE Avalanche
NVD
EPSS 63% CVSS 7.2
HIGH POC KEV THREAT This Week

A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ivanti Endpoint Manager Mobile
NVD
EPSS 100% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Authentication Bypass Endpoint Manager Mobile
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti +2
NVD
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Emergency

A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Ivanti +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Connect Secure +2
NVD
EPSS 3% CVSS 7.5
HIGH This Week

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Use After Free +4
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Privilege Escalation Endpoint Manager
NVD
EPSS 45% CVSS 5.4
MEDIUM This Month

Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Request Smuggling XSS +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Information Disclosure Dsm Remote
NVD
EPSS 99% CVSS 9.8
CRITICAL POC KEV PATCH THREAT Act Now

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Ivanti +1
NVD Exploit-DB
EPSS 3% CVSS 8.1
HIGH This Week

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ivanti Avalanche
NVD
EPSS 70% CVSS 8.8
HIGH This Week

A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ivanti Avalanche
NVD
EPSS 67% CVSS 8.8
HIGH This Week

A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Privilege Escalation Ivanti +1
NVD
EPSS 62% CVSS 8.8
HIGH This Week

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Ivanti +1
NVD
EPSS 77% CVSS 8.8
HIGH This Week

A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ivanti Avalanche
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using inforail Service allows Privilege Escalation via Enterprise Server Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Avalanche
NVD
EPSS 66% CVSS 9.8
CRITICAL Act Now

A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Ivanti +1
NVD
EPSS 4% CVSS 8.8
HIGH This Week

An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Authentication Bypass +1
NVD
EPSS 82% CVSS 8.8
HIGH This Week

An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization File Upload Ivanti +1
NVD
EPSS 3% CVSS 8.8
HIGH This Week

An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Authentication Bypass Avalanche
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An issue was discovered in Ivanti Workspace Control before 10.6.30.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Workspace Control
NVD
EPSS 3% CVSS 7.2
HIGH POC This Week

By abusing the 'install rpm info detail' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ivanti Mobileiron
NVD
EPSS 3% CVSS 7.2
HIGH POC This Week

By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ivanti Mobileiron
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffic Manager before 21.1 could allow an attacker to smuggle an HTTP request through an HTTP/2 Header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Ivanti +1
NVD
EPSS 47% CVSS 10.0
CRITICAL KEV THREAT Act Now

Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Ivanti +2
NVD
EPSS 0% CVSS 2.3
LOW PATCH Monitor

A vulnerability in the BIOS of Pulse Secure (PSA-Series Hardware) models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.

Information Disclosure Ivanti Psa 5000 Firmware +9
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ivanti Endpoint Manager
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Information Disclosure Endpoint Manager
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti SQLi Endpoint Manager
NVD
EPSS 5% CVSS 9.9
CRITICAL Act Now

An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE Ivanti +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ivanti Microsoft +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Privilege Escalation Endpoint Manager
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ivanti Microsoft +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Pulse Secure Desktop Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Pulse Secure Desktop Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Pulse Secure Desktop Client
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Ivanti Information Disclosure Pulse Secure Desktop Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine can use system-level privileges if the Embedded Browser is configured with Credential. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Microsoft Information Disclosure +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Microsoft +1
NVD
EPSS 1% CVSS 3.3
LOW POC Monitor

Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' passwords if Save Settings is enabled. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ivanti Microsoft +2
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Authentication Bypass Dsm Netinst
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ivanti Desktop Server Management +1
NVD
EPSS 1% CVSS 4.6
MEDIUM This Month

An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Pulse Connect Secure +1
NVD
EPSS 1% CVSS 7.0
HIGH POC This Week

A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Ivanti Microsoft Information Disclosure +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Ivanti SQLi +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Ivanti Information Disclosure +2
NVD
EPSS 10% CVSS 8.1
HIGH POC This Week

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Ivanti Command Injection Apple +2
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ivanti Apple +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Information Disclosure Workspace Control
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Ivanti Workspace Control before 10.3.180.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in the Core Server in Ivanti Endpoint Manager (EPM) 2017.3 before SU7 and 2018.x before 2018.3 SU3, with remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Ivanti RCE Endpoint Manager
NVD
EPSS 6% CVSS 9.8
CRITICAL POC Act Now

A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti File Upload RCE +1
NVD
EPSS 1% CVSS 4.5
MEDIUM POC This Month

Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ivanti Landesk Management Suite
NVD
EPSS 1% CVSS 6.3
MEDIUM This Month

Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Ivanti RCE Path Traversal +2
NVD
EPSS 3% CVSS 8.1
HIGH POC This Week

A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

SQLi Ivanti Landesk Management Suite
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Information Disclosure Landesk Management Suite
NVD
EPSS 8% CVSS 8.8
HIGH This Week

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 and Pulse Policy Secure (PPS) before 5.1R15.1, 5.2 before 5.2R12.1, 5.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti RCE Connect Secure +2
NVD
EPSS 15% CVSS 7.2
HIGH POC PATCH THREAT This Week

In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker (via the admin web interface) can exploit. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Ivanti Path Traversal RCE +2
NVD
EPSS 4% CVSS 6.1
MEDIUM POC PATCH This Month

In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Ivanti Connect Secure
NVD
EPSS 3% CVSS 6.1
MEDIUM This Month

XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ivanti Connect Secure +2
NVD
EPSS 66% CVSS 7.2
HIGH POC THREAT This Week

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Buffer Overflow Memory Corruption +3
NVD
EPSS 4% CVSS 7.5
HIGH This Week

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.2RX before 8.2R12.1, users using SAML authentication with the Reuse Existing NC (Pulse) Session option. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Connect Secure +1
NVD
EPSS 8% CVSS 9.8
CRITICAL POC Act Now

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4 and 8.3RX before 8.3R7.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2 and 5.4RX before 5.4R7.1, an unauthenticated, remote. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Information Disclosure Connect Secure +2
NVD
EPSS 99% CVSS 7.2
HIGH POC KEV THREAT Act Now

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Command Injection Connect Secure +2
NVD Exploit-DB
EPSS 7% CVSS 7.7
HIGH POC This Week

In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1, an NFS problem could allow an authenticated attacker to. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Information Disclosure Connect Secure
NVD
EPSS 3% CVSS 8.1
HIGH This Week

In Pulse Secure Pulse Desktop Client and Network Connect, an attacker could access session tokens to replay and spoof sessions, and as a result, gain unauthorized access as an end user, a related. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Ivanti Session Fixation +3
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An issue was discovered in Ivanti Workspace Control before 10.3.90.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC) allow privilege escalation, as demonstrated by Secure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ivanti Juniper +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Virtual Traffic Manager
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Ivanti +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Ivanti +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ivanti Workspace Control
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ivanti RCE Information Disclosure +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Ivanti Workspace Control
NVD
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy